Uptime Hamster: 1d 9h 20mDeploy: 13 Jul 2026 10:50Updated: 2026-07-13
Logo del actor de amenaza GOLD SOUTHFIELD

GOLD SOUTHFIELD

1 incidentes 1 paises 1 sectores apt RU Ultimo: 2026-05-25
Ver en IntelTracker → APTTrail →
GOLD SOUTHFIELD is a financially motivated cybercrime group that first emerged in January 2018, initially operating the GandCrab ransomware. The group transitioned to operating the REvil (Sodinokibi) Ransomware-as-a-Service (RaaS) in April 2019 after obtaining the GandCrab source code from GOLD GARDEN, the original GandCrab operators. This group is distinguished by its pioneering role in the RaaS model, recruiting affiliates on underground forums to conduct high-value deployments, and its rapid adoption of double extortion tactics, involving data theft before encryption to compel ransom payments. GOLD SOUTHFIELD is assessed with high confidence to be of Russian origin, characterized by its avoidance of targeting entities within Russia and other Commonwealth of Independent States (CIS) countries. The group's infrastructure was observed to be shuttered in October 2021 but resumed activity in April 2022, indicating a re-emergence and continued development of its ransomware operations. The

Actores similares

apt-goldenbirdactor · 1apt-goldenjackalactor · 1apt-goldenratactor · 1gold-lowellactor · 1golden-chickensactor · 1golden-jackalactor · 1GOLD PRELUDEapt · 0GOLD CABINapt · 0GOLD DUPONTapt · 0GOLD REBELLIONapt · 0
Motivacion