| SYMBOL | COMMON_NAME | aka. SYNONYMS |
GOLD SOUTHFIELD is a financially motivated cybercriminal threat group that authors and operates the REvil (aka Sodinokibi) ransomware on behalf of various affiliated threat groups. Operational since April 2019, the group obtained the GandCrab source code from GOLD GARDEN, the operators of GandCrab that voluntarily withdrew their ransomware from underground markets in May 2019. GOLD SOUTHFIELD is responsible for authoring REvil and operating the backend infrastructure used by affiliates (also called partners) to create malware builds and to collect ransom payments from victims. CTU researchers assess with high confidence that GOLD SOUTHFIELD is a former GandCrab affiliate and continues to work with other former GandCrab affiliates.
There are currently no families associated with this actor.
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD SOUTHFIELD REvil GOLD SOUTHFIELD |
| 2020-04-08
⋅
Secureworks
⋅
How Cyber Adversaries are Adapting to Exploit the Global Pandemic GOLD SOUTHFIELD TA2101 TA505 WIZARD SPIDER |
| 2019-09-24
⋅
Secureworks
⋅
REvil: The GandCrab Connection REvil GOLD SOUTHFIELD |
| 2019-09-24
⋅
Secureworks
⋅
REvil/Sodinokibi Ransomware REvil GOLD SOUTHFIELD |