Widely attributed | Unknown | MITRE G0115

GOLD SOUTHFIELD

GOLD SOUTHFIELD is a financially motivated threat group active since at least 2018 that operates the REvil Ransomware-as-a-Service (RaaS). GOLD SOUTHFIELD provides backend infrastructure for affiliates recruited on underground forums to perpetrate high-value deployments. By early 2020, GOLD SOUTHFIELD started capitalizing on the new trend of stealing data and further extorting the victim into paying to keep that data from being publicly leaked.

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. Thresholds: ≥ 10 High, ≥ 3 Moderate, < 3 Low.
Score: 0.0
Signal strength: None
Mentions: 0
Sources: 0
High conf.: 0
First observed: 2020-09-22
Last active:
Origin: Eastern Europe / Russia (cybercriminal)
Aliases: 2
Techniques: 9
Campaigns: 0

Attribution signals

No attribution signals extracted yet — signals populate automatically as articles are processed.