← All Threat Actors
Threat Actor Profile

INC Ransom

G1032 GOLD IONIC
▲ High Threat
Corporate Data Exfiltration Wave, Healthcare Sector Targeting
Origin Russia/CIS
Motivation Financial gain

Target Sectors

Healthcare Financial Services Manufacturing Government Agencies Critical Infrastructure Professional Services

Known TTPs

Initial access via phishing and exploitation of public-facing vulnerabilities (CVEs)
Use of Cobalt Strike for command and control (C2) and lateral movement
Data exfiltration using Rclone and other cloud synchronization tools
Credential harvesting via Mimikatz and LSASS dumping
Lateral movement utilizing RDP, SMB, and PsExec
Double extortion via a proprietary data leak site
Disabling security software and deleting volume shadow copies to prevent recovery

External Resources

CISA Advisories ↗

Related Intelligence


LINK COPIED TO CLIPBOARD