Yanluowang ransomware group
The Yanluowang ransomware group is a cybercriminal organization specializing in ransomware attacks. According to recent reporting, a Russian individual, Aleksei Olegovich Volkov (aka chubaka.kor), acted as an initial access broker for the group, selling access to U.S. corporate networks between July 2021 and November 2022. This indicates that the group relies on external brokers to obtain initial access to victim environments. The group has targeted U.S. companies, and its operations have had significant economic impacts. The reporting contains no direct evidence linking Yanluowang to a specific nation-state and mentions no aliases or sub-groups. The group's tactics include purchasing access to compromised networks and deploying ransomware for financial gain.
Tradecraft
3 distinct techniques observed across reporting, grouped by tactic.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
2 sources tracked across advisories, community write-ups, and news.
Deploying ransomware attacks against organizations, using initial access brokers to gain entry to networks.
Deploying ransomware attacks, with access facilitated by initial access brokers who breach corporate accounts and sell access to deploy ransomware.