Black Cat

Threat Actor Profile Updated a month ago
Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware attack caused serious disruption to the U.S. prescription market, leaving operations hamstrung for nine days. To mitigate the impact, Optum allegedly paid AlphV to remove the ransomware and delete the stolen data. Despite these aggressive actions, the group appeared to disband in the aftermath.

The fallout from Black Cat's dissolution was notable: many of its operators moved to other threat groups or went underground temporarily. One development was the emergence of LockBit Black, a variant that was more modular and evasive than previous versions. LockBit Black shared similarities with Black Matter and Black Cat ransomware, suggesting a potential evolution or continuation of Black Cat's tactics, techniques, and procedures. Furthermore, an attack by Black Cat was detected by Darktrace's Cyber AI Analyst in April 2023, indicating the group's continued influence even after its apparent disbandment.

In an attempt to validate their complaint to the Securities and Exchange Commission (SEC), Black Cat published a screenshot of the form they filled out on the SEC's Tips, Complaints, and Referrals page. They also reportedly published the response received from the SEC acknowledging receipt of the complaint. This move signaled a shift in tactics, demonstrating the group's willingness to engage with regulatory bodies. As a result of the power struggle between the FBI and Black Cat over decryptors, some affiliates are now choosing to collaborate with LockBit, further complicating the cybersecurity landscape.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Alphv | 3 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Lockbit Black | 1 | LockBit Black, also known as LockBit 3.0, is a malware that emerged in early 2022, following the release of its predecessor, LockBit 2.0 (or LockBit Red) in mid-2021. This malicious software, designed to exploit and damage computer systems, encrypts files and often holds them hostage for ransom. The
Alphv Ransomware Group | 1 | The ALPHV ransomware group, also known as BlackCat, is a threat actor that has been responsible for a series of high-profile cyberattacks on various sectors. The group, which is believed to be connected to Russian organized crime, first gained notoriety when it claimed responsibility for the MGM Res
Black Matter | 1 | None
REvil | 1 | REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot
Alphv Group | 1 | The ALPHV group, also known as BlackCat, is a threat actor that has been active in the cybersecurity landscape. In 2023, the group was significantly impacted by law enforcement actions. Notably, they claimed responsibility for a major hack against Clarion, a global manufacturer of audio and video eq
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Meridianlink
Extortion
Evasive
Malware
Sec
Data Leak
Unitedhealth
Healthcare
Ransom
Encrypt
MGM
Azure
RaaS
Ncr
Reddit
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 2 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Sphynx | Unspecified | 1 | Sphynx, a new variant of the BlackCat ransomware, was announced and launched by ALPHV Blackcat administrators in February 2023. This update, named ALPHV BlackCat Ransomware 2.0 Sphynx, was rewritten to provide additional features to affiliates, including improved defense evasion capabilities and add
Clop | Unspecified | 1 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o
Blackcat Ransomware Group | Unspecified | 1 | The BlackCat ransomware group, also known as ALPHV, is a malware collective that has been active since November 2021. As a Ransomware-as-a-Service group, they specialize in exploiting computer systems and holding data hostage for ransom. The group has targeted computer networks of more than 1,000 vi
Black Basta | is related to | 1 | Black Basta is a notorious malware entity known for its devastating ransomware attacks. First emerging in June 2022, the group has since been associated with a series of high-profile cyber-attacks worldwide. This malware, like others, infiltrates systems through suspicious downloads, emails, or webs
Akira | Unspecified | 1 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Associated Threat Actors
ID | Type | Votes | Profile Description
Scattered Spider | Unspecified | 1 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur
UNC3944 | Unspecified | 1 | UNC3944, also known as Scattered Spider and 0ktapus, is a financially motivated threat actor that has been active since 2021. Initially targeting telecommunication firms and tech companies, the group has expanded its range to include hospitality, retail, media, and financial services sectors. The gr
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Unc3944 Scattered Spider | Unspecified | 1 | None
Source Document References
Information about the Black Cat Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source (Created At): Title
BankInfoSecurity (24 days ago): Millions Affected by Prudential Ransomware Hack in February
DARKReading (a month ago): Meet the Ransomware Negotiators
CERT-EU (4 months ago): GRIT Ransomware Report: February 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (5 months ago): The Great BlackCat Ransomware Heist
CERT-EU (5 months ago): Ransomware group scams its partner out of a share of $22 million by faking an FBI takedown
CERT-EU (5 months ago): Prescription Insecurity: The Russian Connection to Healthcare Cyber Attacks
CERT-EU (5 months ago): US prescription market hamstrung for 9 days (so far) by ransomware attack - Cyber Security Review
CERT-EU (5 months ago): US prescription market hamstrung for 9 days (so far) by ransomware attack | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (7 months ago): Hackers In 2023 Revealed: Unmasking Cyberattacks And More | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (7 months ago): The Most Dangerous People on the Internet in 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (7 months ago): First American cyberattack, Iran APT33, ransomware victim spike | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): BlackCat ransomware gang taken down by law enforcement sting? | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Malwarebytes (8 months ago): Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24 | Malwarebytes
CERT-EU (8 months ago): Ransomware Attacker Files SEC Complaint to Increase Pressure on Victim
CERT-EU (9 months ago): The latest data thefts (2 November 2023)
Securityaffairs (9 months ago): Seiko confirmed a data breach after BlackCat attack
CERT-EU (9 months ago): Seiko says ransomware attack exposed sensitive customer data
CERT-EU (9 months ago): Uncover the nastiest malware of 2023 - Webroot Blog
CERT-EU (10 months ago): Large Michigan healthcare provider confirms ransomware attack
CERT-EU (10 months ago): Don't Gamble With Your Cybersecurity and Incident Response Plan: Lessons Learned from the Las Vegas Ransomware Attacks