Snakefly

Threat Actor updated 4 months ago (2024-05-04T23:17:46.961Z)
Snakefly, also known as FIN11 and TA505, is a threat actor known for its malicious activities primarily aimed at organizations in North America and Europe. The group is financially motivated and has been active since at least early 2019. Snakefly is particularly associated with the deployment of Cl0p ransomware, which was first spotted in 2019. This ransomware is a key tool in their arsenal, frequently used to target and exploit vulnerabilities within organizations for financial gain.

In 2023, Snakefly significantly advanced their extortion attacks by exploiting the MOVEit Transfer vulnerability. This new tactic demonstrated an increase in sophistication, as they were able to hit all of their targets simultaneously. By doing so, they left little room for the victims to develop and implement effective defenses against the attack. This strategy highlighted the group's evolving capabilities and underscored the necessity for robust cybersecurity measures among potential target organizations.

Dick O'Brien, Principal Intelligence Analyst at Symantec Threat Hunters, has closely followed and reported on Snakefly's activities. His analysis provides valuable insights into the group's tactics, techniques, and procedures (TTPs). Given the continuous evolution and increasing sophistication of Snakefly's operations, it is crucial for organizations to stay informed about the latest developments and to continually review and update their cybersecurity strategies accordingly.
Description last updated: 2024-05-04T22:49:01.407Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| TA505 | 2 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec |
| fin11 | 2 | FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste |
| Clop | 2 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about the Snakefly Threat Actor was read from the documents corpus below.
| Source Link | CreatedAt | Title |
| --- | --- | --- |
| CERT-EU | 9 months ago | LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 1) \| The Last Watchdog |
| CERT-EU | a year ago | Cyber Security Week in Review: September 8, 2023 |
| Fortinet | a year ago | Ransomware Roundup - Cl0p \| FortiGuard Labs |