Advisoryseverity: High2023-12-19
Joint CISA/FBI/HHS advisory AA23-353A on ALPHV BlackCat
published by CISA
Actor
Russian-speaking ransomware-as-a-service operation, first observed November 2021, notable as the first prominent ransomware family written in Rust. Operated the affiliate program responsible for the…
Summary
FBI, CISA, and HHS released joint Cybersecurity Advisory AA23-353A detailing TTPs and IOCs for the ALPHV BlackCat RaaS, including the February 2023 'Sphynx' 2.0 rewrite that added Linux and VMware ESXi targeting. The advisory was updated on 27 February 2024 to note that, after early-December 2023 law enforcement action, the administrator urged affiliates to target the healthcare sector.
Tags
advisoryransomwarehealthcareesxi
Primary source
cisa.govOther ALPHV/BlackCat events
- 2025-11-19Two U.S. cybersecurity workers plead guilty to ALPHV BlackCat affiliate scheme
- 2024-03-05ALPHV BlackCat shuts down in apparent exit scam after Change Healthcare payment
- 2024-02-21Change Healthcare ransomware incident attributed to ALPHV BlackCat
- 2023-12-19FBI-led international operation seizes ALPHV infrastructure and releases decryptor
- 2021-11-01ALPHV/BlackCat Rust-based RaaS first observed