{ "id": "1ee6383c-2fd9-42c6-9b05-5154212b194f", "created_at": "2026-04-06T00:12:48.615353Z", "updated_at": "2026-04-10T13:12:03.773764Z", "deleted_at": null, "sha1_hash": "0f704b0bfac321eefeff666c1072f46473dd1e03", "title": "Accenture Report Reveals New Cybercrime Operating Model Among High-Profile Threat Groups", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 258942, "plain_text": "Accenture Report Reveals New Cybercrime Operating Model\r\nAmong High-Profile Threat Groups\r\nArchived: 2026-04-05 19:48:40 UTC\r\nAugust 14, 2019\r\nAccenture Security’s 2019 Cyber Threatscape Report identifies top threats influencing the cyber landscape,\r\nincluding emerging disinformation techniques and evolving relationships in the underground economy\r\nARLINGTON, Va.; Aug. 14, 2019 – Cybercrime campaigns and high-profile advanced persistent threat groups are\r\nshifting how they target victims and focusing more on intricate relationships with “secure syndicate” partnerships\r\nto disguise activity, according to the latest 2019 Cyber Threatscape Report from Accenture (NYSE: ACN).\r\nLeveraging Accenture Security threat-intelligence capabilities and research from primary and secondary open-source materials, the annual report provides insights and predictions on the cyberthreat landscape and how it will\r\nshift over the next year. The goal is to help organizations stay ahead of threats relevant to their organization,\r\nindustry and geography.\r\n“Over the past year, cybercriminals have continued to test the resilience of organizations by layering attacks,\r\nupdating techniques and establishing new, intricate relationships to better disguise their identities, making\r\nattribution more difficult to pursue,” said Josh Ray, a managing director at Accenture Security. “Organizations\r\nshould understand the tangible elements, or the bread crumb trail left behind, which can help reveal the\r\nmotivations, operational procedures and tool use, to create a profile of the adversary. This process is critical for\r\norganizations to understand so they can proactively be involved in properly allocating resources and improving\r\ntheir security posture to avoid becoming cybercrime’s next victim.”\r\nhttps://newsroom.accenture.com/news/accenture-report-reveals-new-cybercrime-operating-model-among-high-profile-threat-groups.htm\r\nPage 1 of 3\n\nAccenture releases 2019 Cyber Threatscape Report, identifies top threats influencing\r\nthe cyber landscape and reveals emerging disinformation techniques\r\nA shift in high-profile cybercrime operating models\r\nThe report notes a significant increase in threat actors and groups conducting targeted intrusions for financial gain,\r\nalso referred to as “big game hunting.” Despite the arrests of individuals associated with online underground\r\nmarketplaces, activity among infamous threat actor groups — such as Cobalt Group, FIN7 and Contract Crew —\r\nhas continued. Accenture Security analysts have also observed the shared use of tools that automate the process of\r\nmass-producing malicious documents to spread malware, such as More_Eggs, which is used in both conventional\r\ncrimeware campaigns and targeted attacks.\r\nThe continued activity is associated with relationships forming among “secure syndicates” that closely collaborate\r\nand use the same tools — suggesting a major a change in how threat actors work together in the underground\r\neconomy. With syndicates working together, the lines are even more blurred between threat actor groups, making\r\nattribution more difficult.\r\nIn addition, Accenture Security analysts have observed a shift in the way Cobalt Group targets victims to gain\r\naccess to the victims’ supply chain networks. While malware has typically been sent to internet users via phishing\r\nemails, analysts now see an emergence of malware executed through web browsers focused on targeting online\r\nmerchants and retailers specifically.\r\nThe global disinformation battlefield\r\nThe report also finds evidence of a continued global disinformation battlefield influencing social media users and\r\ncautions that threat actors are becoming more skilled at exploiting legitimate tools. While disinformation\r\ncampaigns to influence both domestic or foreign political sentiment and sway national elections will continue, the\r\nwider potential impact of disinformation on global financial markets is even more concerning, the report notes.\r\nhttps://newsroom.accenture.com/news/accenture-report-reveals-new-cybercrime-operating-model-among-high-profile-threat-groups.htm\r\nPage 2 of 3\n\nThe financial services industry — and, more specifically, high-frequency trading algorithms, which rely upon fast,\r\ntext-driven sources of information — are likely to be targeted by large-scale disinformation efforts in the future.\r\nRise in ransomware: network access for sale\r\nIn addition, ransomware is increasingly plaguing businesses and government infrastructures, with the number of\r\nransomware attacks more than tripling in just the past two years. Aside from delivery via spam campaigns,\r\nanalysts have witnessed threat groups Nikolay and GandCrab planting ransomware directly on networks through\r\nnetwork access intrusions. Actors are offering to sell remote desktop protocol (RDP) access to corporate networks,\r\nwhich they’ve likely gained through compromised servers and RDP brute forcing, to those in underground\r\ncommunities.\r\nTo read more about the top threat factors influencing the cyber landscape today and predictions from Accenture\r\nSecurity, please read the full 2019 Cyber Threatscape Report available here .\r\nAbout Accenture\r\nAccenture is a leading global professional services company, providing a broad range of services and solutions in\r\nstrategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills\r\nacross more than 40 industries and all business functions — underpinned by the world’s largest delivery network\r\n— Accenture works at the intersection of business and technology to help clients improve their performance and\r\ncreate sustainable value for their stakeholders. With 482,000 people serving clients in more than 120 countries,\r\nAccenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.\r\nAccenture Security helps organizations build resilience from the inside out, so they can confidently drive\r\ninnovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across\r\nclient value chains and services that span the security lifecycle, Accenture protects organizations’ valuable assets,\r\nend-to-end. With services that include strategy and risk management, cyber defense, digital identity, application\r\nsecurity and managed security, Accenture enables businesses around the world to defend against known\r\nsophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at\r\nwww.accenture.com/security.\r\n# # #\r\nSource: https://newsroom.accenture.com/news/accenture-report-reveals-new-cybercrime-operating-model-among-high-profile-threat-groups.ht\r\nm\r\nhttps://newsroom.accenture.com/news/accenture-report-reveals-new-cybercrime-operating-model-among-high-profile-threat-groups.htm\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://newsroom.accenture.com/news/accenture-report-reveals-new-cybercrime-operating-model-among-high-profile-threat-groups.htm" ], "report_names": [ "accenture-report-reveals-new-cybercrime-operating-model-among-high-profile-threat-groups.htm" ], "threat_actors": [ { "id": "9de1979b-40fc-44dc-855d-193edda4f3b8", "created_at": "2025-08-07T02:03:24.92723Z", "updated_at": "2026-04-10T02:00:03.755516Z", "deleted_at": null, "main_name": "GOLD LOCUST", "aliases": [ "Anunak", "Carbanak", "Carbon Spider ", "FIN7 ", "Silicon " ], "source_name": "Secureworks:GOLD LOCUST", "tools": [ "Carbanak" ], "source_id": "Secureworks", "reports": null }, { "id": "610a7295-3139-4f34-8cec-b3da40add480", "created_at": "2023-01-06T13:46:38.608142Z", "updated_at": "2026-04-10T02:00:03.03764Z", "deleted_at": null, "main_name": "Cobalt", "aliases": [ "Cobalt Group", "Cobalt Gang", "GOLD KINGSWOOD", "COBALT SPIDER", "G0080", "Mule Libra" ], "source_name": "MISPGALAXY:Cobalt", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "bb8702c5-52ac-4359-8409-998a7cc3eeaf", "created_at": "2023-01-06T13:46:38.405479Z", "updated_at": "2026-04-10T02:00:02.961112Z", "deleted_at": null, "main_name": "FIN7", "aliases": [ "ATK32", "G0046", "G0008", "Sangria Tempest", "ELBRUS", "GOLD NIAGARA", "Coreid", "Carbanak", "Carbon Spider", "JokerStash", "CARBON SPIDER" ], "source_name": "MISPGALAXY:FIN7", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "f4f16213-7a22-4527-aecb-b964c64c2c46", "created_at": "2024-06-19T02:03:08.090932Z", "updated_at": "2026-04-10T02:00:03.6289Z", "deleted_at": null, "main_name": "GOLD NIAGARA", "aliases": [ "Calcium ", "Carbanak", "Carbon Spider ", "FIN7 ", "Navigator ", "Sangria Tempest ", "TelePort Crew " ], "source_name": "Secureworks:GOLD NIAGARA", "tools": [ "Bateleur", "Carbanak", "Cobalt Strike", "DICELOADER", "DRIFTPIN", "GGLDR", "GRIFFON", "JSSLoader", "Meterpreter", "OFFTRACK", "PILLOWMINT", "POWERTRASH", "SUPERSOFT", "TAKEOUT", "TinyMet" ], "source_id": "Secureworks", "reports": null }, { "id": "2dfaa730-7079-494c-b2f0-3ff8f3598a51", "created_at": "2022-10-25T16:07:23.474746Z", "updated_at": "2026-04-10T02:00:04.623746Z", "deleted_at": null, "main_name": "Cobalt Group", "aliases": [ "ATK 67", "Cobalt Gang", "Cobalt Spider", "G0080", "Gold Kingswood", "Mule Libra", "TAG-CR3" ], "source_name": "ETDA:Cobalt Group", "tools": [ "ATMRipper", "ATMSpitter", "Agentemis", "AmmyyRAT", "AtNow", "COOLPANTS", "CobInt", "Cobalt Strike", "CobaltStrike", "Cyst Downloader", "Fareit", "FlawedAmmyy", "Formbook", "Little Pig", "Metasploit Stager", "Mimikatz", "More_eggs", "NSIS", "Nullsoft Scriptable Install System", "Pony Loader", "Ripper ATM", "SDelete", "Siplog", "SoftPerfect Network Scanner", "SpicyOmelette", "Taurus Builder", "Taurus Builder Kit", "Taurus Loader", "Terra Loader", "ThreatKit", "VenomKit", "cobeacon", "win.xloader" ], "source_id": "ETDA", "reports": null }, { "id": "bfded1cf-be73-44f9-a391-0751c9996f9a", "created_at": "2022-10-25T15:50:23.337107Z", "updated_at": "2026-04-10T02:00:05.252413Z", "deleted_at": null, "main_name": "FIN7", "aliases": [ "FIN7", "GOLD NIAGARA", "ITG14", "Carbon Spider", "ELBRUS", "Sangria Tempest" ], "source_name": "MITRE:FIN7", "tools": [ "Mimikatz", "AdFind", "JSS Loader", "HALFBAKED", "REvil", "PowerSploit", "CrackMapExec", "Carbanak", "Pillowmint", "Cobalt Strike", "POWERSOURCE", "RDFSNIFFER", "SQLRat", "Lizar", "TEXTMATE", "BOOSTWRITE" ], "source_id": "MITRE", "reports": null }, { "id": "c11abba0-f5e8-4017-a4ee-acb1a7c8c242", "created_at": "2022-10-25T15:50:23.744036Z", "updated_at": "2026-04-10T02:00:05.294413Z", "deleted_at": null, "main_name": "Cobalt Group", "aliases": [ "Cobalt Group", "GOLD KINGSWOOD", "Cobalt Gang", "Cobalt Spider" ], "source_name": "MITRE:Cobalt Group", "tools": [ "Mimikatz", "More_eggs", "SpicyOmelette", "SDelete", "Cobalt Strike", "PsExec" ], "source_id": "MITRE", "reports": null }, { "id": "88e53203-891a-46f8-9ced-81d874a271c4", "created_at": "2022-10-25T16:07:24.191982Z", "updated_at": "2026-04-10T02:00:04.895327Z", "deleted_at": null, "main_name": "Silence", "aliases": [ "ATK 86", "Contract Crew", "G0091", "TAG-CR8", "TEMP.TruthTeller", "Whisper Spider" ], "source_name": "ETDA:Silence", "tools": [ "EDA", "EmpireDNSAgent", "Farse", "Ivoke", "Kikothac", "LOLBAS", "LOLBins", "Living off the Land", "Meterpreter", "ProxyBot", "ReconModule", "Silence.Downloader", "TiniMet", "TinyMet", "TrueBot", "xfs-disp.exe" ], "source_id": "ETDA", "reports": null }, { "id": "d85adfe3-e1c3-40b0-b8bb-d1bacadc4d82", "created_at": "2022-10-25T16:07:23.619566Z", "updated_at": "2026-04-10T02:00:04.690061Z", "deleted_at": null, "main_name": "FIN7", "aliases": [ "APT-C-11", "ATK 32", "G0046", "Gold Niagara", "GrayAlpha", "ITG14", "TAG-CR1" ], "source_name": "ETDA:FIN7", "tools": [ "7Logger", "Agentemis", "Anubis Backdoor", "Anunak", "Astra", "BIOLOAD", "BIRDWATCH", "Bateleur", "Boostwrite", "CROWVIEW", "Carbanak", "Cobalt Strike", "CobaltStrike", "DICELOADER", "DNSMessenger", "FOWLGAZE", "HALFBAKED", "JSSLoader", "KillACK", "LOADOUT", "Lizar", "Meterpreter", "Mimikatz", "NetSupport", "NetSupport Manager", "NetSupport Manager RAT", "NetSupport RAT", "NetSupportManager RAT", "POWERPLANT", "POWERSOURCE", "RDFSNIFFER", "Ragnar Loader", "SQLRAT", "Sardonic", "Sekur", "Sekur RAT", "TEXTMATE", "Tirion", "VB Flash", "cobeacon" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434368, "ts_updated_at": 1775826723, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/0f704b0bfac321eefeff666c1072f46473dd1e03.pdf", "text": "https://archive.orkl.eu/0f704b0bfac321eefeff666c1072f46473dd1e03.txt", "img": "https://archive.orkl.eu/0f704b0bfac321eefeff666c1072f46473dd1e03.jpg" } }