ZeroFox Intelligence Flash Report - ALPHV and NoEscape Affiliates Very Likely Pivoting to Alternative Operations

by Alpha Team

Product Serial: F-2023-12-14b

TLP:CLEAR

In this flash report, ZeroFox researchers analyze how disruption to the operations of prolific ransomware and digital extortion (R&DE) collectives ALPHV (aka BlackCat) and NoEscape will very likely drive former affiliates to pivot to other R&DE offerings, and how similar collectives will likely look to leverage this.

Standing Intelligence Requirements

Deep Dark Web and Criminal Underground (DDW)

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Key Findings

  • Disruption to the operations of prolific ransomware & digital extortion (R&DE) collectives ALPHV (aka BlackCat) and NoEscape will likely drive former affiliates to pivot to other R&DE offerings.
  • Disruption to ALPHV’s operation has most likely been caused by a currently undisclosed law enforcement operation against the cartel. NoEscape operators have reportedly conducted an exit scam, stealing ransom payments and closing down the group’s web panels and data leak sites.
  • If affiliates and R&DE collective operators are unable to continue deploying these strains, they will very likely pivot to other well-known R&DE offerings or rebrand and launch their own extortion operations.

Tags: tlp:clear, threat actor, DDW, Ransomware