sinobi

274 tracked victims

·first seen 2025-03-24·last activity 2026-05-05

Group profile

Sinobi is a private vetted-affiliate RaaS group that emerged in mid-2025, believed to be a rebrand of the Lynx/INC ransomware lineage, claiming 176 victims by end of 2025 through double-extortion attacks primarily against mid-market US organizations via compromised SonicWall VPN credentials.

MITRE ATT&CK TTPs

TA0001

Initial Access

T1078Valid Accounts
Use of valid credentials from MSPs (Managed Service Providers).
T1190Exploit Public-Facing Application
Exploitation of vulnerabilities in VPNs (SonicWall).
T1566Phishing

TA0002

Execution

T1059.001Command and Scripting Interpreter: PowerShell
Heavy use of PowerShell for script and in-memory command execution.
T1059.003Command and Scripting Interpreter: Windows Command Shell
T1106Native API
T1203Exploitation for Client Execution
T1569.002System Services: Service Execution

TA0003

Persistence

T1543.003Create or Modify System Process: Windows Service
Creation or modification of Windows services to ensure malware restart.

TA0004

Privilege Escalation

T1068Exploitation for Privilege Escalation

TA0005

Defense Evasion

T1027Obfuscated Files or Information
T1070Indicator Removal
Removal of event logs.
T1070.004Indicator Removal: File Deletion
T1562.001Impair Defenses: Disable or Modify Tools
Active disabling of EDR solutions (such as VMware Carbon Black).

TA0007

Discovery

T1046Network Service Discovery
T1083File and Directory Discovery
T1087.002Account Discovery: Domain Account

TA0008

Lateral Movement

T1021.001Remote Services: Remote Desktop Protocol
Use of RDP to navigate between servers after privilege escalation.

TA0010

Exfiltration

T1567.002Exfiltration Over Web Service: Exfiltration to Cloud Storage
Use of Rclone tool to send data to public cloud providers before encryption.

TA0011

Command and Control

T1573.001Encrypted Channel: Symmetric Cryptography

TA0040

Impact

T1486Data Encrypted for Impact
Data encryption via AES-128-CTR and Curve-25519, adding the .SINOBI extension.
T1489Service Stop
T1490Inhibit System Recovery
Deletion of Shadow Copies via vssadmin.exe.

TA0042

Resource Development

T1587.001Develop Capabilities: Malware
T1588.002Obtain Capabilities: Tool

Recent victims

showing 50 of 274

Date	Website / victim	Sector	Country
2026-05-05	Neurotrials Research Incneurotrials.com	Healthcare	US
2026-05-05	Scales and Associates Incscalesassoc.com	Business Services	US
2026-05-05	P Positiwise Infotech Pvt	Technology	IN
2026-05-05	C Celeris Networks	Technology
2026-05-05	B Bay State Land Services	Construction	US
2026-05-05	U Unre3d	Not Found
2026-03-17	Elgi Electric & Industrieselgielectric.com	Manufacturing	IN
2026-03-17	Amerinational Management Services (AMS)ourams.com	Business Services	US
2026-03-17	Summa Energywww.summaenergy.com	Energy	US
2026-03-17	Interpack Northwestwww.interpacknorthwest.com	Agriculture and Food Production	US
2026-03-17	Eco Sound Builderswww.ecosoundbuilders.com	Construction	US
2026-03-17	McAfee Tool & Diemcafeetool.com	Manufacturing	US
2026-03-17	Tecowww.teco.com	Energy	US
2026-02-19	Gentegrawww.gentegra.com	Technology	US
2026-02-19	Graymatterwww.graymatter.com	Technology	GB
2026-02-19	Iblesoftwww.iblesoft.com	Technology	US
2026-02-19	Saltech Systemswww.saltechsystems.com	Technology	US
2026-02-19	Electriductwww.electriduct.com	Manufacturing	US
2026-02-19	Mayfair Hotels & Resortswww.mayfairhotels.com	Hospitality and Tourism	IN
2026-02-10	Halcyon Technologieswww.halcyontechnologies.com	Technology	US
2026-02-10	BCS ProSoftwww.bcsprosoft.com	Technology	US
2026-02-10	The Sundher Groupsundhergroup.com	Agriculture and Food Production	CA
2026-02-10	Venescowww.venesco.com	Business Services	US
2026-02-10	Snyder Diamondswww.snyderdiamonds.com	Consumer Services	US
2026-02-10	Halcyontekwww.halcyontek.com	Technology	US
2026-02-05	Accountnetwww.accountnet.com	Financial Services	US
2026-02-05	Penn Fencingwww.pennfencing.com	Construction	US
2026-02-05	Excowww.exco.com	Business Services	US
2026-02-05	InfoMontrealwww.infomontreal.com	Technology	CA
2026-02-05	Western Slope Iron & Supplywsiron.com	Manufacturing	US
2026-02-05	Reilly Foam Corpwww.reillyfoam.com	Manufacturing	US
2026-01-27	LeMaticwww.lematic.com	Manufacturing	US
2026-01-27	Impressico Business Solutionsimpressico.com	Technology	IN
2026-01-27	Affordable Housing Management Overview Metricsaffordablehousingmanagementmetrics.com	Construction	US
2026-01-27	Active Green + Rosswww.activegreenross.com	Consumer Services	CA
2026-01-27	JP Researchwww.jpresearch.com	Technology	US
2026-01-27	FIAMPACKwww.fiampack.com	Consumer Services	IT
2026-01-27	Morison Insurance Brokerswww.morisoninsurance.com	Financial Services	CA
2026-01-27	Gallagher Transport Internationalgallaghertransport.com	Transportation/Logistics	US
2026-01-27	Ashcraftashcraftcompany.com	Manufacturing	US
2026-01-21	West Cary Groupwww.westcarygroup.com	Business Services	US
2026-01-21	OnSightonsight.com	Consumer Services	US
2026-01-21	Bayside Dentalwww.baysidedental.com	Healthcare	US
2026-01-21	Asian Heart Institutewww.asianheartinstitute.org	Healthcare	IN
2026-01-21	MODERNISTIC GARDEN & PET SUPPLY LTDwww.modernisticgardenpetsupply.com	Consumer Services	BS
2026-01-21	ShuBeewww.shubee.com	Business Services	US
2026-01-18	Talleyville Firewww.talleyvillefire.com	Public Sector	US
2026-01-18	Pivotal Healthcarewww.pivotalhealthcare.com	Healthcare	US
2026-01-18	Geoplinwww.geoplin.com	Energy	SI
2026-01-18	Bray Whalerwww.braywhaler.com	Hospitality and Tourism	US