ZeroFox Intelligence Flash Report - ALPHV and NoEscape Affiliates Very Likely Pivoting to Alternative Operations
|by Alpha Team

ZeroFox Intelligence Flash Report - ALPHV and NoEscape Affiliates Very Likely Pivoting to Alternative Operations
Product Serial: F-2023-12-14b
TLP:CLEAR
In this flash report, ZeroFox researchers analyze how disruption to the operations of prolific R&DE collectives ALPHV (aka BlackCat) and NoEscape will very likely drive former affiliates to pivot to other R&DE offerings, and how similar collectives will likely look to leverage this.
Standing Intelligence Requirements
Deep Dark Web and Criminal Underground
For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:
https://cloud.zerofox.com/intelligence/advisories/14956
Link to Download
View the full report here
Key Findings
- Disruption to the operations of prolific ransomware & digital extortion (R&DE) collectives ALPHV (aka BlackCat) and NoEscape will likely drive former affiliates to pivot to other R&DE offerings.
- Disruption to ALPHV’s operation has most likely been caused by a currently-undisclosed law enforcement operation against the cartel. NoEscape operators have reportedly conducted an exit scam, stealing ransom payments and closing down the group’s web panels and data leak sites.
- If affiliates and R&DE collective operators are unable to continue deploying these strains, they will very likely pivot to other well-known R&DE offerings or rebrand and launch their own extortion operations.
Tags: tlp:clear, threat actor, DDW Ransomware