Snakefly

Threat Actor Profile Updated 2 months ago
Snakefly, also known as FIN11 and TA505, is a threat actor known for its malicious activities primarily aimed at organizations in North America and Europe. The group is financially motivated and has been active since at least early 2019. Snakefly is particularly associated with the deployment of Cl0p ransomware, which was first spotted in 2019. This ransomware is a key tool in their arsenal, frequently used to target and exploit vulnerabilities within organizations for financial gain.

In 2023, Snakefly significantly advanced their extortion attacks by exploiting the MOVEit Transfer vulnerability. This new tactic demonstrated an increase in sophistication, as they were able to hit all of their targets simultaneously. By doing so, they left little room for the victims to develop and implement effective defenses against the attack. This strategy highlighted the group's evolving capabilities and underscored the necessity for robust cybersecurity measures among potential target organizations.

Dick O'Brien, Principal Intelligence Analyst at Symantec Threat Hunters, has closely followed and reported on Snakefly's activities. His analysis provides valuable insights into the group's tactics, techniques, and procedures (TTPs). Given the continuous evolution and increasing sophistication of Snakefly's operations, it is crucial for organizations to stay informed about the latest developments and to continually review and update their cybersecurity strategies accordingly.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
fin11 | 2 | FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste
Clop | 2 | Clop is a notorious malware, short for malicious software, that is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Clop can steal personal information, disrupt operations, or h
TA505 | 2 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Extortion
Exploit
Cybercrime
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Moveit Transfer Vulnerability | Unspecified | 1 | The MOVEit Transfer vulnerability, officially designated as CVE-2023-34362, is a flaw in software design or implementation that has been exploited by the Cl0p ransomware group. Despite initial concerns, there's no evidence that the Cl0p ransomware was deployed when this vulnerability was recently ex
Source Document References
Information about the Snakefly Threat Actor was read from the documents corpus below.
Source (created at): Title
CERT-EU (7 months ago): LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 1) | The Last Watchdog
CERT-EU (10 months ago): Cyber Security Week in Review: September 8, 2023
Fortinet (a year ago): Ransomware Roundup - Cl0p | FortiGuard Labs