Black Cat

Threat Actor Profile (updated 25 days ago)
Black Cat, also known as AlphV, is a notable threat actor that has been involved in several high-profile cyberattacks. Known for their ruthless tactics, they have been a significant player in the cybersecurity landscape, particularly with their double-extortion Ransomware-as-a-Service (RaaS) operations. Their victims include prominent entities such as Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), which they attacked in late February 2024. The group has also developed an advanced ransomware variant called LockBit Black, which shares similarities with other notorious ransomware strains like Black Matter and Black Cat ransomware. In April 2023, Darktrace's Cyber AI Analyst identified an attack by Black Cat on a customer.

The group has also been actively publicizing its activities, going as far as publishing a screenshot of a complaint form they submitted to the Securities and Exchange Commission (SEC) to demonstrate the legitimacy of their complaint. They even published the SEC's response acknowledging receipt of their complaint. This move illustrates the audacity of the group and their willingness to openly challenge authorities.

However, despite their aggressive tactics, there are signs that Black Cat's operations may be under threat. Recent events suggest a power struggle between the FBI and Black Cat over access to decryption tools, leading some affiliates to shift their allegiance to other groups like LockBit. In addition, according to Yelisey Bohuslavskiy, chief research officer at security vendor RedSense, administrators from groups linked to Black Cat confirmed that their operations had been disrupted by law enforcement. Despite these setbacks, Black Cat remains a significant threat within the cybersecurity landscape.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID: Alphv
Votes: 3
Profile Description: AlphV, also known as BlackCat, is a significant threat actor within the cybercrime landscape. Throughout 2023, AlphV has been responsible for numerous high-profile ransomware attacks, stealing significant amounts of data from various organizations. The group claimed responsibility for hacking Clario
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Meridianlink
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Black Cat Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source (Created At): Title
CERT-EU (7 months ago): Seiko says ransomware attack exposed sensitive customer data
CERT-EU (3 months ago): US prescription market hamstrung for 9 days (so far) by ransomware attack - Cyber Security Review
CERT-EU (a year ago): Town Hires New Cybersecurity Firm | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security
Malwarebytes (6 months ago): Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24 | Malwarebytes
Malwarebytes (a year ago): Black Cat ransomware group wants $4.5m from Reddit or will leak stolen files
CERT-EU (8 months ago): Biggest Lessons from the MGM Ransomware Attack | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (8 months ago): Don’t Gamble With Your Cybersecurity and Incident Response Plan: Lessons Learned from the Las Vegas Ransomware Attacks
CERT-EU (6 months ago): Ransomware Attacker Files SEC Complaint to Increase Pressure on Victim
CERT-EU (8 months ago): Weakest link in cybersecurity. Poles' rail revolution. 24/7 concierge. FlyAkeed gets boost. | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): ALPHV Ransomware Group's 3 New Victims: Clarion, Phil Data, MNGI
CERT-EU (a year ago): New LockBit variant targets MacOS, another relies on Conti source code
CERT-EU (10 months ago): Darktrace HEAL™ Brings Industry First AI-Enabled Capabilities to Transform Incident Response, Readiness and Recovery
CERT-EU (8 months ago): Ransomware groups are once again targeting smaller businesses for more lucrative payouts | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Checkpoint (a year ago): 15th May – Threat Intelligence Report - Check Point Research
CERT-EU (8 months ago): Large Michigan healthcare provider confirms ransomware attack
CERT-EU (8 months ago): Ransomware group taking credit for MGM cybersecurity issue | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): Tactics of MGM-Caesars attackers were known for several months
CERT-EU (a year ago): BlackCat Group Claims Responsibility for NCR Ransomware Attack
CERT-EU (a year ago): HWL Ebsworth says it has spent 5000 hours fighting hack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (8 months ago): Scattered Spider "bites" in Las Vegas - Panda Security