Gold Ulrick

Threat Actor Profile Updated 25 days ago
GOLD ULRICK, also known as ITG23, is a threat actor known for aggressive and unrestricted operations. The group has shown no hesitation in targeting healthcare organizations with Conti ransomware, malicious software designed to block access to a computer system until a sum of money is paid.

GOLD ULRICK has also been linked to Ryuk ransomware infections, where it has leveraged PowerShell scripts to create new Group Policy Objects (GPOs) to prepare the environment for deployment of the ransomware. This technique involves using the Import-GPO cmdlet, indicating a high level of sophistication and expertise in their methods. In addition, GOLD ULRICK has used shares on domain controllers to distribute Ryuk to compromised environments via batch files and PowerShell scripts, which further demonstrates the group's advanced capabilities and broad arsenal. GOLD ULRICK is not the only threat actor employing these tactics: GOLD VILLAGE, another threat group, has used similar strategies in Maze ransomware incidents, indicating a shared methodology or potential collaboration between these groups.

Despite its extensive activities, GOLD ULRICK experienced significant disruption in May 2022 due to a series of events triggered by the Russian invasion of Ukraine. This led to the shutdown of the Conti/TrickBot syndicate, a network closely associated with GOLD ULRICK. While this disruption marked a significant setback for the group, it remains crucial to stay vigilant for potential resurgences or offshoots of this threat actor, given its previous impact and demonstrated capabilities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Gold Ulrick Threat Actor was read from the documents corpus below.
Source | Created | Title
CERT-EU | a year ago | BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
Secureworks | a year ago | Phases of a Post-Intrusion Ransomware Attack
Secureworks | a year ago | Ransomware Evolution