Gold Ulrick

Threat Actor updated 4 months ago (2024-05-04T19:01:02.548Z)
GOLD ULRICK, also known as ITG23, is a threat actor known for aggressive and unrestricted operations. The group has shown no hesitation in targeting healthcare organizations with Conti ransomware, malicious software designed to block access to a computer system until a sum of money is paid.

GOLD ULRICK has also been linked to Ryuk ransomware infections, in which it used PowerShell scripts to create new Group Policy Objects (GPOs) that prepared the environment for deployment of the ransomware. This technique relies on the Import-GPO cmdlet, indicating a high level of sophistication and expertise in the group's methods. GOLD ULRICK has also used shares on domain controllers to distribute Ryuk to compromised environments via batch files and PowerShell scripts, which further demonstrates its advanced capabilities and broad arsenal.

GOLD ULRICK is not the only threat actor employing these tactics. GOLD VILLAGE, another threat group, has used similar strategies in Maze ransomware incidents, indicating a shared methodology or potential collaboration between these groups.

Despite its extensive activities, GOLD ULRICK experienced significant disruption in May 2022 due to a series of events triggered by the Russian invasion of Ukraine. This led to the shutdown of the Conti/TrickBot syndicate, a network closely associated with GOLD ULRICK. Although this was a significant setback for the group, it remains crucial to stay vigilant for resurgences or offshoots of this threat actor, given its previous impact and demonstrated capabilities.
Description last updated: 2023-11-28T19:23:16.689Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Gold Ulrick Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising |
| Secureworks | 2 years ago | Phases of a Post-Intrusion Ransomware Attack |
| Secureworks | 2 years ago | Ransomware Evolution |