Snakefly

Threat Actor updated 6 months ago (2024-05-04T23:17:46.961Z)
Snakefly, also known as FIN11 and TA505, is a threat actor known for its malicious activities primarily aimed at organizations in North America and Europe. The group is financially motivated and has been active since at least early 2019. Snakefly is particularly associated with the deployment of Cl0p ransomware, which was first spotted in 2019. This ransomware is a key tool in their arsenal, frequently used to target and exploit vulnerabilities within organizations for financial gain.

In 2023, Snakefly significantly advanced their extortion attacks by exploiting the MOVEit Transfer vulnerability. This new tactic demonstrated an increase in sophistication, as they were able to hit all of their targets simultaneously. By doing so, they left little room for the victims to develop and implement effective defenses against the attack. This strategy highlighted the group's evolving capabilities and underscored the necessity for robust cybersecurity measures among potential target organizations.

Dick O'Brien, Principal Intelligence Analyst at Symantec Threat Hunters, has closely followed and reported on Snakefly's activities. His analysis provides valuable insights into the group's tactics, techniques, and procedures (TTPs). Given the continuous evolution and increasing sophistication of Snakefly's operations, it is crucial for organizations to stay informed about the latest developments and to continually review and update their cybersecurity strategies accordingly.
Description last updated: 2024-05-04T22:49:01.407Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| TA505 is a possible alias for Snakefly. TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec | 2 |
| fin11 is a possible alias for Snakefly. FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste | 2 |
| Clop is a possible alias for Snakefly. Clop, also known as Cl0p, is a ransomware group primarily targeting financial gain by holding data or services hostage. This Russian-speaking cybercriminal organization began exploiting a zero-day vulnerability, CVE-2023-34362, in Progress Software's MOVEit secure file transfer software on May 27, 2 | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Clop
Source Document References
Information about the Snakefly Threat Actor was read from the documents corpus below.