GOLD WATERFALLGOLD WATERFALL

Also known as: GOLD WATERFALL

Known aliases
1

Profile

GOLD WATERFALL is a group of financially motivated cybercriminals responsible for the creation, distribution, and operation of the Darkside ransomware. Active since August 2020, GOLD WATERFALL uses a variety of tactics, techniques, and procedures (TTPs) to infiltrate and move laterally within targeted organizations to deploy Darkside ransomware to its most valuable resources. Among these TTPs are using malicious documents delivered by email to establish a foothold and using stolen credentials to access victims' remote access services. In November 2020, the 'darksupp' persona was observed advertising an affiliate program on several semi-exclusive underground forums, marking GOLD WATERFALL's entry into the ransomware-as-a-service (RaaS) landscape.

Aliases· 1

GOLD WATERFALL

References

  1. https://www.secureworks.com/research/threat-profiles/gold-waterfall
  2. https://www.secureworks.com/blog/ransomware-groups-use-tor-based-backdoor-for-persistent-access

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
GOLD NORTHFIELD
Actor
GOLD WINTER
Actor
GOLD SOUTHFIELD
Actor
GOLD REBELLION
Actor
GOLD GARDEN
Actor
GOLD RIVERVIEW
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.