# ALPHV BlackCat 🐈⬛
# Adversary Overview
ALPHV BlackCat, also known as Noberus, was a prolific Russian-speaking ransomware-as-a-service (RaaS) group that emerged in 2021 and was linked to BlackMatter, DarkSide, REvil, and other RaaS groups [1]. ALPHV BlackCat utilized ransomware coded in Rust, allowing for enhanced performance, flexibility, and cross-platform capabilities. During its tenure, ALPHV BlackCat consistently upgraded its tooling and tradecraft, with the last variant, Sphynx, rewritten with enhanced defense evasion capabilities, according to the group [2, 3]. The group is alleged to have targeted over a thousand victims across the globe [4]. In December 2023, the United States (U.S.) Department of Justice announced it had disrupted group operations and developed a decryption tool for victims [5]. The group announced it was removing restrictions previously placed on affiliates, and the most recent targets included MGM Resorts and Change Healthcare in March 2024. Following the Change Healthcare incident, the Department of State issued a reward offer for information on the group due to its targeting of U.S. critical infrastructure.