Lindsey O’Donnell-Welch writes:
A ransomware operator has continually rebranded itself over the past year in order to evade detection, while launching cyberattacks on critical infrastructure across several industries.
Researchers with Mandiant detailed a threat group called UNC2190, which is an operator behind an affiliate ransomware program. Since June, researchers said they have observed the group targeting the education, health and natural resources sectors in the U.S. and Canada. However, its activities trace back to at least July 2020, and since then the group has rebranded several times.
Most recently, they seem to have rebranded as Arcane and Sabbath. Read more on Decipher.