Black Cat

Threat Actor updated a month ago (2024-10-15T10:01:05.374Z)
Download STIX
Preview STIX
Black Cat, also known as AlphV, is a threat actor recognized for its malicious cyber activities. The group has been responsible for several high-profile attacks, including one on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. Following the attack, Black Cat reportedly shut down in March after receiving a $22 million extortion payment from Optum's Change Healthcare. The group also claimed responsibility for stealing over six terabytes of data, including sensitive medical records. The incident was part of a broader pattern of ransomware attacks by Black Cat, which often involved a double-extortion scheme where data was not only encrypted but also stolen and threatened to be leaked if a ransom wasn't paid. After significant takedowns like those involving LockBit or Black Cat, some operators transition to other threat groups, while others temporarily retreat. A variant known as LockBit Black, more modular and evasive than previous versions, shares similarities with Black Cat ransomware. This suggests that elements of Black Cat's modus operandi may persist in new threats. In April 2023, Darktrace's Cyber AI Analyst identified a Black Cat attack on a customer, demonstrating ongoing activity associated with this threat actor. In an attempt to validate their complaint to the Securities and Exchange Commission (SEC), Black Cat published a screenshot of the form they filled out on the SEC’s Tips, Complaints, and Referrals page. They also reportedly published the response received from the SEC, acknowledging the receipt of their complaint. However, shortly after these incidents, it appeared that Black Cat disbanded, leading to speculations of an exit scam following the substantial extortion payment from Change Healthcare. Despite this, the threat posed by Black Cat and similar actors remains significant due to the potential for individual operators to join other groups or start new initiatives.
Description last updated: 2024-10-15T09:19:34.863Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Alphv is a possible alias for Black Cat. Alphv, also known as BlackCat, is a significant threat actor in the cybersecurity landscape. This group has been involved in various high-profile ransomware attacks, including stealing 5TB of data from Morrison Community Hospital. The level of sophistication and impact of their activities highlights
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Meridianlink
Extortion
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Black Cat. LockBit is a type of malware, specifically ransomware, which is designed to infiltrate computer systems and encrypt data, often holding it hostage for ransom. The LockBit ransomware gang has been involved in several high-profile attacks, including against Boeing, from whom they claimed to have stoleUnspecified
2
Source Document References
Information about the Black Cat Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
8 months ago
BankInfoSecurity
4 months ago
DARKReading
4 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
CERT-EU
8 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
CERT-EU
a year ago
Malwarebytes
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago