Dubbed SnapMC, the hacking group attempts to exploit multiple vulnerabilities in webserver and VPN applications for initial access and typically compromises victim networks in under 30 minutes.

The group then exfiltrates victim data to leverage it for extortion, but doesn’t use ransomware or other means of disrupting the victim’s operations.

SnapMC threatens to publish the stolen data online unless a ransom is paid, provides victims with a list of the stolen data as evidence of breach, and even goes through with the threats.