Uptime Hamster: 15d 5h 2mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza GOLD REBELLION

GOLD REBELLION

0 incidentes 0 paises 0 sectores apt Global Ultimo: -
Aliases: Dark Scorpius, WANDERING SPIDER, White Dev 115
Ver en IntelTracker → APTTrail →
GOLD REBELLION is a financially motivated cybercriminal group, also tracked as Dark Scorpius, that operates the Black Basta ransomware-as-a-service (RaaS) operation. First identified in April 2022, the group quickly distinguished itself by rapidly compromising numerous organizations globally within its initial months. Assessed with high confidence to be of Russian-speaking origin, GOLD REBELLION is widely believed to have ties to or be an offshoot of the defunct Conti ransomware group. The group's primary motivation is financial gain, utilizing a double extortion model where they encrypt victim data and exfiltrate sensitive information, threatening its public release if a ransom is not paid. Unlike some RaaS operations, GOLD REBELLION has shown a reluctance to openly recruit affiliates or advertise on dark web forums. The group exhibits significant adaptability in its initial access methods, frequently shifting tactics, and employs legitimate remote access tools for social engineering.

Aliases del actor

Dark ScorpiusWANDERING SPIDERWhite Dev 115

Actores similares

Scattered Spideractor · 2Indrik Spideractor · 1doppel-spideractor · 1salty-spideractor · 1brain-spideractor · 1skeleton-spideractor · 1bamboo-spideractor · 1andromeda-spideractor · 1cobalt-spideractor · 1boson-spideractor · 1
Tecnicas MITRE
T1547 - Boot or Logon Autostart Execution, TA0007 - Discovery, TA0011 - Command and Control, T1068 - Exploitation for Privilege Escalation, T1071 - Application Layer Protocol, TA0005 - Defense Evasion
Tipo
apt
Pais origen
Global
Motivacion
-
Impacto
33
Actualizado
Fri, 16 Ma

Sectores objetivo (SOCRadar)

Enterprises & HoldingPublic AdministrationConstruction of Buildings