A financially-motivated advance persistence threat group has been active since at least 2013. The group has been targeting restaurant, retail, and hospitality sectors since mid-2015. It has been regarded as one of the most successful criminal hacking groups to ever exist. REvil has also been used by the threat group until they reated their own RaaS (Ransomware as a Service), Darkside. The group has been behind many notorious hacks of 2018 and has also been linked to Ryuk.