ALPHV Blackcat Ransomware Group
Actor Type | Criminal Group |
---|---|
Affiliated Intrusion Sets | FIN7 |
ALPHV represents the operators behind the BlackCat ransomware strain. According to reporting, ALPHV is likely a Russian-speaking cybercrime group that operates BlackCat as a 'Ransomware as a Service' offering for financial benefit.
ALPHV Blackcat Ransomware Group Threat Reports
Report
StopRansomware: ALPHV Blackcat
This '#StopRansomware' advisory from CISA and partners outlines technical details and mitigations for the ALPHV Blackcat 'Ransomware as a ...
References
https://www.mandiant.com/resources/blog/evolution-of-fin7
https://www.varonis.com/blog/blackcat-ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
https://www.cyber.gc.ca/en/guidance/profile-alphvblackcat-ransomware
https://www.ic3.gov/Media/News/2022/220420.pdf
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1586 | Compromise Accounts | Resource Development |
T1555 | Credentials from Password Stores | Credential Access |
T1557 | Adversary-in-the-Middle | Collection, Credential Access |
T1598 | Phishing for Information | Reconnaissance |
T1558 | Steal or Forge Kerberos Tickets | Credential Access |