The FBI said in April 2022 the group had leased its ransomware to others that has resulted in compromises of at least 60 entities worldwide. He said many of the members of the group are young native English speakers who are “incredibly effective social engineers.” They have started deploying ransomware encryptors and sometimes expose victims on infrastructure used by another hacking group, ALPHV. Charles Carmakal, chief technical officer for Mandiant Inc., part of Google Cloud, described the hackers as “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.” Mandiant first came across the group in May 2022.