GOLD Southfield — Threat Actor Profile, Campaigns & Targets

Threat entity extracted from intelligence sources

Frequency
2
occurrences
First Seen
May 26, 2026
Last Seen
June 3, 2026

GOLD Southfield is a apt_group tracked across 2 threat clusters and 2 intelligence report mentions on ThreatCluster. First observed May 26, 2026; most recent activity June 3, 2026.

Related Threat Clusters

  • Exploitation of Remote Services in Cyber Attacks

    Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…

    2 articles · Updated June 3, 2026
  • Oncology Institute Data Breach Exposes Patient Data via Third-Party Vendor

    On May 20, 2026, The Oncology Institute, Inc. was notified of unauthorized access to its systems by Kroll, a third-party vendor. The incident, confirmed in an SEC filing on May 22, 2026, involved patient data…

    6 articles · Updated May 26, 2026

Recent Intelligence Reports

  • External Remote Services — attack.mitre.org · June 3, 2026
  • MITRE ATT&CK T1199 — attack.mitre.org · May 26, 2026

CVSS v3.1 Breakdown