groove
1 incident
1 country
1 sector
ransomware RU Latest: 2026-06-25
Groove emerged in mid-2021 as a self-proclaimed ransomware group, but its alleged operator, known as "Boriselcin," later claimed it was largely a social engineering experiment designed to manipulate media and security researchers. Presenting itself as a financially motivated entity engaged in industrial espionage, Groove encouraged a loose collective of cybercriminals and was closely linked to the Russian-language RAMP underground forum. Its activities included leaking Fortinet VPN credentials and publicly calling for cyberattacks against U.S. government interests, while advising against targeting Chinese entities. Although some researchers expressed skepticism about the "hoax" claim, noting the fluidity of cybercrime groups, Groove's operational activity remained minimal and short-lived, largely ceasing by early 2022.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
Argentina
Australia
Canada
China
Germany
United Kingdom
India
Italy
Singapore
Taiwan, Province of China
Sectors attacked
Government (1)
Target sectors (SOCRadar)
Other Information Services
Monetary Authorities-Central Bank
Hospitals
Manufacturing
Public Administration
Internet Publishing
Publishing Services
Justice & Safety Activities
Chemical & Pharmaceutical Manufacturing
National Security & International Affairs
New URLs detected in IntelTracker