G1011

G1011EXOTIC LILY

Description

[EXOTIC LILY](https://attack.mitre.org/groups/G1011) is a financially motivated group that has been closely linked with [Wizard Spider](https://attack.mitre.org/groups/G0102) and the deployment of ransomware including [Conti](https://attack.mitre.org/software/S0575) and [Diavol](https://attack.mitre.org/software/S0659). [EXOTIC LILY](https://attack.mitre.org/groups/G1011) may be acting as an initial access broker for other malicious actors, and has targeted a wide range of industries including IT, cybersecurity, and healthcare since at least September 2021.(Citation: Google EXOTIC LILY March 2022)

References

  1. https://attack.mitre.org/groups/G1011
  2. https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Group
Wizard Spider
Actor
FIN11
Group
Scattered Spider
Group
FIN10
Group
FIN13
Group
GOLD SOUTHFIELD
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.