Executive Summary – Shadow Syndicate

Executive Summary In late 2024, Darktrace identified multiple instances of RansomHub ransomware attacks linked to the ShadowSyndicate threat group. ShadowSyndicate, active since 2022, has been associated with several ransomware families and sophisticated tools, including Cobalt Strike and Sliver. Their latest collaboration with RansomHub, a rising Ransomware-as-a-Service (RaaS) operator, underscores an evolving threat landscape. This report…

Read More

REMCOS Remote Control & Surveillance Software

What Is Remcos? aka: RemcosRAT, Remvio, Socmer Actor(s): APT33, The Gorgon Group, UAC-0050 Remcos (short for Remote Control and Surveillance) is a commercial system administration application for XP and newer versions of Windows that threat actors have weaponized. Remcos is a closed-source application designed for network maintenance, system monitoring, surveillance, and penetration testing, but attackers use it to…

Read More