Threat Actor Claims 'Groove' Ransomware Gang Was Hoax
A Russian-speaking ransomware ‘group’ which called on rival entities to join forces in targeting the US government may have been a social engineering experiment designed to toy with Western media, it has emerged.
The so-called “Groove” collective published a post on October 22, exhorting its “business brothers” to “stop competing, unite and begin to destroy the US public sector,” according to threat intelligence firm Flashpoint.
“In its October 22 post, Groove called for a fight against Russian and FSU infosec companies who are ‘being sold to the Americans’ and warned against attacking China and Chinese-affiliated entities with whom Russian-speaking threat actors should maintain friendly relations,” it said.
“Earlier on the same day, Groove posted a list of logins and passwords that were supposedly the VPN credentials of the Hagerstown, Maryland Police Department, although it is unclear if these credentials are viable. Additionally, the Groove mastermind claimed to have access to several other undisclosed police departments.”
A single actor, dubbed “Boriselcin,” soon after claimed that Groove was just an experiment they alone dreamt up to “check whether it was possible to manipulate the Western media through a ransomware blog.”