Who is GOLD SOUTHFIELD?

GOLD SOUTHFIELD is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does GOLD SOUTHFIELD exploit?

Specific CVE exploitation data for GOLD SOUTHFIELD is being tracked. Check the Strobes VI threat actor profile for updates.

GOLD SOUTHFIELD

Exploited CVEs

Overview

GOLD SOUTHFIELD is a financially motivated cybercriminal threat group that authors and operates the REvil (aka Sodinokibi) ransomware on behalf of various affiliated threat groups. Operational since April 2019, the group obtained the GandCrab source code from GOLD GARDEN, the operators of GandCrab that voluntarily withdrew their ransomware from underground markets in May 2019. GOLD SOUTHFIELD is responsible for authoring REvil and operating the backend infrastructure used by affiliates (also called partners) to create malware builds and to collect ransom payments from victims. CTU researchers assess with high confidence that GOLD SOUTHFIELD is a former GandCrab affiliate and continues to work with other former GandCrab affiliates.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database