ShadowSyndicate is a new Ransomware-as-a-Service (RaaS) provider responsible for multiple ransomware attacks. The threat actor uses various ransomware families and is linked to other ransomware groups. They employ toolkits like Cobalt Strike, IcedID, and Sliver malware for their attacks. The connection was found between their infrastructure and Cl0p/Truebot. There is no confirmation if they are an affiliate or an initial access broker. The threat actor utilizes a single SSH fingerprint on their servers and has multiple server owners involved. Other malware families like Ryuk, Conti, and Trickbot may be involved. Group-IB has published a report detailing their infrastructure and activities. Hashtags: #ShadowSyndicate #Ransomware-as-a-Service #Cybersecurity #Malware.
https://cybersecuritynews.com/shadowsyndicate-raas-provider/