GOLD FLANDERS
Intelligence Profile
GOLD FLANDERS is a financially motivated group responsible for distributed denial of service (DDOS) attacks linked to extortion emails demanding between 5 and 30 bitcoins. The attacks consist mostly of fragmented UDP packets (DNS and NTP reflection) as well as other traffic that can vary per victim. The arrival of the extortion email is timed to coincide with a DDOS attack consisting of traffic between 20 Gbps and 200 Gbps and 12-15 million packets per second, lasting between 20 and 70 minutes targeted at a particular Autonomous System Number (ASN) or group of IP addresses. In some cases victim organisations have replied to these extortion emails and received personal replies from GOLD FLANDERS operators within 20 minutes.
Threat Analysis
GOLD FLANDERS is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.
Financially motivated threat actors like GOLD FLANDERS prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, GOLD FLANDERS is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.