sabbath

1 incident | 1 country | 0 sectors | ransomware | RU | Latest: 2026-06-25
Aliases: 54BB47h, UNC2190, ROLLCOAST, Eruption, Arcane
Sabbath is a financially motivated ransomware group that initially emerged under the names Eruption and Arcane, with activity tracked as UNC2190 starting mid-2020. The group rebranded to Sabbath in October 2021, and is also tracked as 54BB47h, notably for its shift to an affiliate-based ransomware-as-a-service model. A distinguishing characteristic of Sabbath and its associated operations, including Storm-0501, is their practice of providing pre-configured Cobalt Strike BEACON backdoor payloads to affiliates, an unusual method among similar groups. They are known for aggressive double extortion tactics, which include direct emails to staff, parents, and students of compromised educational institutions to pressure victims into paying multi-million dollar ransom demands. The group often undergoes rebranding, which analysts suggest allows them to avoid scrutiny, although recurring grammatical errors across their various public-facing forums hint at a consistent underlying operational enti
MITRE techniques
T1552, T1530, T1580, T1087.002, T1053, T1556.009

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Affected countries

United States (1)

Target countries (SOCRadar)

United Arab Emirates, Australia, Belgium, Canada, Switzerland, Germany, France, United Kingdom, India, Italy

Target sectors (SOCRadar)

Food Manufacturing, Real Estate, Manufacturing, Construction, Public Administration, Oil & Gas, Beverage & Tobacco Manufacturing, Educational Services, Energy & Utilities

New URLs detected in IntelTracker

ransomware.anggipradana.com