Periwinkle Tempest (formerly DEV-0193) is responsible for developing, distributing, and managing many different payloads, including Trickbot, Bazaloader, and AnchorDNS. In addition, Periwinkle Tempest managed the Ryuk ransomware-as-a-service program before its shutdown in June 2021, as well as Ryuk's successor, Conti, and Diavol. Microsoft has been tracking the activities of Periwinkle Tempest since October 2020 and has observed its expansion from developing and distributing the Trickbot malware to becoming the most prolific ransomware-associated cybercriminal activity group active today. As other malware operations have shut down for various reasons, including legal actions, Periwinkle Tempest has hired developers from Emotet, Qakbot, and IcedID.
Nation State Actor Periwinkle Tempest
Also known as: Trickbot LLC
Industries targeted: Education, Healthcare