The Maze Ransomware Group announced in 2020 that it would shut down its operations after stealing and exposing sensitive data of several high-profile targets. But has it really ceased its operations?
WhoisXML API researchers uncovered an active network of domains that could be connected to the threat group. Our key findings include:
- 400+ domains using the same text strings and nameservers as the Maze ransomware IoCs
- 4,000+ domains sharing the same registrant email addresses as the IoCs
- More than half of the artifacts had active IP resolutions, with several screenshot results warning the researchers of phishing
- About 10% of the artifacts have been reported as malicious