ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
Threat Group Profile

sinobi

Dormant / historical
Victim claims 6
First seen May 2026
Last activity 05 May 2026
Tracked since Jul 2025

Group overview

Sinobi is a private vetted-affiliate RaaS group that emerged in mid-2025, believed to be a rebrand of the Lynx/INC ransomware lineage, claiming 176 victims by end of 2025 through double-extortion attacks primarily against mid-market US organizations via compromised SonicWall VPN credentials.

Preferred targets

Technology ยท 2 Healthcare ยท 1 Business Services ยท 1 Construction ยท 1

Most targeted countries

US ยท 3 IN ยท 1

Tactics & techniques (MITRE ATT&CK)

Initial Access

Valid Accounts Exploit Public-Facing Application Phishing

Execution

Command and Scripting Interpreter: PowerShell Command and Scripting Interpreter: Windows Command Shell Native API Exploitation for Client Execution System Services: Service Execution

Persistence

Create or Modify System Process: Windows Service

Privilege Escalation

Exploitation for Privilege Escalation

Defense Evasion

Obfuscated Files or Information Indicator Removal Indicator Removal: File Deletion Impair Defenses: Disable or Modify Tools

Discovery

Network Service Discovery File and Directory Discovery Account Discovery: Domain Account

Lateral Movement

Remote Services: Remote Desktop Protocol

Exfiltration

Exfiltration Over Web Service: Exfiltration to Cloud Storage

Victim Claims Timeline

Back to radar
Neurotrials Research Inc
๐Ÿ‡บ๐Ÿ‡ธ US Healthcare neurotrials.com
Scales and Associates Inc
๐Ÿ‡บ๐Ÿ‡ธ US Business Services scalesassoc.com
Positiwise Infotech Pvt
๐Ÿ‡ฎ๐Ÿ‡ณ IN Technology
Celeris Networks
Unknown Technology
Bay State Land Services
๐Ÿ‡บ๐Ÿ‡ธ US Construction
Unre3d
Unknown