sinobi
Ransomware group profile
Description
Sinobi is a financially motivated threat group that employs a hybrid Ransomware-as-a-Service (RaaS) model. Emerging in mid-2025, it is characterized by a disciplined approach to attacks, extensive operational security, and a focus on stealth through living-off-the-land techniques.
Key insights
- Utilizes a double-extortion model, threatening public disclosure of stolen data if ransom demands are not met.
- Initial access is commonly gained through stolen VPN or Remote Desktop Protocol (RDP) credentials, often exploiting known vulnerabilities.
- Employs sophisticated evasion tactics, including disabling endpoint protection, modifying firewall configurations, and data exfiltration using legitimate tools like Rclone.
- Has been linked to past groups like Lynx and INC due to code overlaps and operational similarities.
- Targets a diverse range of sectors, with notable attacks on organizations in healthcare and manufacturing.
Intelligence
IOCs, YARA/Sigma rules, and related families for sinobi
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for sinobi
- T1070 Indicator Removal
- T1562.001 Disable or Modify Tools
- T1059.001 PowerShell
- T1486 Data Encrypted for Impact
- T1490 Inhibit System Recovery
- T1021.001 Remote Desktop Protocol
- T1543.003 Windows Service
Victims (200)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| Neurotrials Research Inc | — | US United States | Healthcare | Claimed | about 1 month ago |
| Scales and Associates Inc | — | US United States | Professional Services | Claimed | about 1 month ago |
| Unre3d | — | CN China | Technology | Claimed | about 2 months ago |
| Bay State Land Services | — | US United States | Other | Claimed | about 2 months ago |
| Celeris Networks | — | US United States | Technology | Claimed | about 2 months ago |
| Positiwise Infotech Pvt | — | IN India | Technology | Claimed | about 2 months ago |
| Amerinational Management Services (AMS) | ourams.com | US United States | Professional Services | Claimed | 3 months ago |
| Elgi Electric & Industries | elgielectric.com | IN India | Manufacturing | Claimed | 3 months ago |
| Interpack Northwest | interpacknorthwest.com | US United States | Other | Claimed | 3 months ago |
| Summa Energy | summaenergy.com | US United States | Energy & Utilities | Claimed | 3 months ago |
| Teco | teco.com | US United States | Energy & Utilities | Claimed | 3 months ago |
| McAfee Tool & Die | mcafeetool.com | US United States | Manufacturing | Claimed | 3 months ago |
| Eco Sound Builders | ecosoundbuilders.com | US United States | Other | Claimed | 3 months ago |
| Graymatter | graymatter.com | GB United Kingdom | Technology | Claimed | 4 months ago |
| Iblesoft | iblesoft.com | US United States | Technology | Claimed | 4 months ago |
| Mayfair Hotels & Resorts | mayfairhotels.com | IN India | Hospitality | Claimed | 4 months ago |
| Gentegra | gentegra.com | US United States | Technology | Claimed | 4 months ago |
| Electriduct | electriduct.com | US United States | Manufacturing | Claimed | 4 months ago |
| Saltech Systems | saltechsystems.com | US United States | Technology | Claimed | 4 months ago |
| The Sundher Group | sundhergroup.com | CA Canada | Other | Claimed | 4 months ago |
Affected countries (56)
Countries where this group has been reported to target or leak victims.