V Is Vendetta

"V is Vendetta" has emerged as a new threat actor, identified in February of this year. This group appears to have connections with the notorious ransomware group known as Cuba (also referred to as COLDDRAW and Tropical Scorpius). The link between these two entities is evident from the fact that V is Vendetta's website is hosted on a domain associated with the Cuba gang. Interestingly, the name "V is Vendetta" deviates from the typical Cuban-themed monikers used by this hacking group, suggesting it may be a sub-group or affiliate. In February, V is Vendetta started making its mark by publishing information about three victims on a uniquely branded site. The site uses imagery from a popular mid-2000s dystopian action film, a departure from the not-so-new practice of branding hacker sites. Despite being relatively new on the scene, the group continues to remain active, with new extortion victims regularly coming to light. The cybersecurity community has been monitoring the activities of V is Vendetta closely since its emergence. Kaspersky has detailed the tactics, techniques, and procedures of the Cuba ransomware group and has also identified the new moniker, V is Vendetta, suspected of being used by a sub-group or affiliate. As the group continues to operate, the industry remains vigilant in tracking its activities and assessing the potential threats it poses.