Alphv Ransomware Group

Threat Actor Profile Updated 25 days ago
The ALPHV ransomware group, also known as BlackCat, is a threat actor that has been responsible for a series of high-profile cyberattacks on various sectors. The group, which is believed to be connected to Russian organized crime, first gained notoriety when it claimed responsibility for the MGM Resorts cyberattack in September 2023. The group compromised MGM Resorts by simply locating an employee on LinkedIn and then contacting the Help Desk. In October of the same year, they were involved in the QSI Banking ransomware attack, demonstrating their wide-ranging capabilities and targets.

In early 2024, ALPHV initiated a deliberate campaign against the healthcare sector. One of their most notable victims was Change Healthcare, a crucial financial and claims processing link in the US healthcare services industry. The attack occurred on February 21, 2024, leading to significant disruptions in healthcare payments. The group's actions have caused major disturbances to critical systems, underscoring their threat level.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued warnings about the dangers posed by the ALPHV ransomware group. Despite these alerts, the group's activities continue unabated, with some uncertainty around whether they are transitioning or rebranding to the RansomHub ransomware group. This ongoing threat underlines the need for robust cybersecurity measures across all sectors, particularly those providing essential services.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
MGM
Healthcare
Ransom
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Conti | Unspecified | 2 | Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malicious software has been used in conjunction with other forms of malware such as Trickbot, BazarLoader, IcedID, and Cobalt S |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Alphv | Unspecified | 6 | AlphV, also known as BlackCat, is a significant threat actor within the cybercrime landscape. Throughout 2023, AlphV has been responsible for numerous high-profile ransomware attacks, stealing significant amounts of data from various organizations. The group claimed responsibility for hacking Clario |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
No associations to display
Source Document References
Information about the Alphv Ransomware Group Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | 8 months ago | Caesars Confirms Ransomware Payoff and Customer Data Breach \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| Malwarebytes | a month ago | New ransomware group demands Change Healthcare ransom \| Malwarebytes |
| CERT-EU | 8 months ago | The MGM Cyberattack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again? |
| CERT-EU | 5 months ago | The Worst Hacks of 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 10 months ago | Cyber Security Today, Week in Review for the week ending Friday, July 21, 2023 \| IT World Canada News |
| CERT-EU | 9 months ago | Ransomware attacks hit record level in UK, according to neglected official data |
| CERT-EU | 6 months ago | Payments processor Tipalti investigating ransomware attack |
| CERT-EU | 8 months ago | Hackers Claim a 10-Minute Conversation Led to MGM Resorts Breach |
| CERT-EU | 8 months ago | Hacking a Vegas casino may just take a single phone call \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | What it means — CitrixBleed ransom group woes grow as over 60 credit unions, hospitals… |
| CERT-EU | 6 months ago | HTC Global Services confirms cyberattack; Data leak sparks concern |
| CERT-EU | 7 months ago | Offensive and Defensive AI: Let’s Chat(GPT) About It |
| CERT-EU | 8 months ago | MGM says its hotels and casinos are back up and running |
| Malwarebytes | 8 months ago | Ransomware group steps up, issues statement over MGM Resorts compromise |
| CERT-EU | 8 months ago | ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee, Researchers |
| CERT-EU | 7 months ago | Japan Aviation Electronics Hit by Cyberattack: Servers Accessed in Security Breach |
| CERT-EU | 8 months ago | Caesars Confirms Ransomware Payoff and Customer Data Breach \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CSO Online | a year ago | Amazon-owned Ring reportedly suffers ransomware attack |
| CERT-EU | 8 months ago | ALPHV Ransomware Group's 3 New Victims: Clarion, Phil Data, MNGI |
| CERT-EU | 3 months ago | What we know about hacker ransom possibly paid by United Health \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |