ShadowSyndicate Investigation Reveals RaaS Ties

A recent collaborative investigation by Group-IB Threat Intelligence, Bridewell and threat researcher Michael Koczwara has exposed the existence of a new threat actor in the cybersecurity landscape – ShadowSyndicate. This entity is suspected of operating as a Ransomware-as-a-Service (RaaS) affiliate with distinctive characteristics and a noteworthy impact.

ShadowSyndicate stands out due to its consistent use of a single Secure Shell (SSH) fingerprint across a network of malicious servers. Since July 2022, this fingerprint has been identified on 85 servers, a relatively uncommon occurrence in the cybersecurity domain. Notably, this actor has displayed remarkable versatility, having engaged with seven different ransomware families over the past year.
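For defenders, the pivot described above amounts to grouping scan results by SSH host-key fingerprint. The following is an added example, not code from the Group-IB advisory: the scan records, addresses (documentation ranges) and key blobs are constructed, and the names `SCAN`, `fingerprint` and `cluster` are hypothetical.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def _constructed_key(seed: bytes) -> str:
    """Build a base64 ssh-ed25519 blob from placeholder bytes (not a real key)."""
    def ssh_string(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b  # SSH wire format: length + data
    raw = hashlib.sha256(seed).digest()  # 32 placeholder key bytes
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw)).decode()


# Constructed scan records: (host, base64 host-key blob as a scanner reports it).
SHARED = _constructed_key(b"reused-server-image")
SCAN = [
    ("192.0.2.10", SHARED),
    ("192.0.2.77", SHARED),
    ("198.51.100.5", SHARED),
    ("203.0.113.9", _constructed_key(b"unique-a")),
    ("203.0.113.40", _constructed_key(b"unique-b")),
    ("198.51.100.200", "not-base64!!"),  # malformed record, must not abort the run
]


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def cluster(records, min_hosts=2):
    """Group hosts by fingerprint; return (clusters, rejected_hosts)."""
    groups, rejected = defaultdict(set), []
    for host, key in records:
        try:
            groups[fingerprint(key)].add(host)
        except ValueError:  # binascii.Error is a ValueError subclass
            rejected.append(host)
    shared = [(fp, sorted(h)) for fp, h in groups.items() if len(h) >= min_hosts]
    shared.sort(key=lambda item: len(item[1]), reverse=True)
    return shared, rejected


if __name__ == "__main__":
    for fp, hosts in cluster(SCAN)[0]:
        print(f"{fp} seen on {len(hosts)} hosts: {', '.join(hosts)}")
```

A host key reused across unrelated addresses usually means the servers were cloned from one image or provisioned by the same operator, which is why a large cluster is worth investigating.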

While the exact role of ShadowSyndicate remains unconfirmed, substantial evidence suggests its affiliation with the RaaS sector. The investigation was intended to provide insights into ShadowSyndicate’s infrastructure and its potential implications for the cyber-threat landscape.

The collaborative investigation was summed up in an advisory published by Group-IB earlier today. According to the new data, ShadowSyndicate’s alliances suggest a degree of sophistication and coordination, underscoring the actor’s potential to exert influence and cause damage within the broader threat landscape.

In terms of tools and tactics, ShadowSyndicate has displayed a penchant for using established tools and malware such as Cobalt Strike, IcedID and Sliver.

The investigation has also revealed compelling connections between ShadowSyndicate and known ransomware activities. Connections have been established with a diverse array of ransomware families, including Quantum, Nokoyawa, ALPHV, Royal, Cl0p, Cactus and Play.

This versatility underscores the threat actor’s adaptability and suggests its involvement in a wide range of cyber incidents. These findings indicate the need for continued vigilance and collaboration among cybersecurity experts to counter the evolving threat posed by ShadowSyndicate.

As the investigation unfolds, Group-IB said the cybersecurity community will continue exploring the evolving threat that ShadowSyndicate presents.