Cyber Resilience

GOLD SOUTHFIELD G0115 unknown

aka GOLD SOUTHFIELD, Pinchy Spider

Last updated: 2026-07-03

Attributed CVEs: 1
ATT&CK techniques: 12
IDF score (tooling uniqueness): 1.2
Exclusive CVEs: 0
Years active: 2026

About this actor

[GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) is a financially motivated threat group active since at least 2018 that operates the [REvil](https://attack.mitre.org/software/S0496) Ransomware-as-a-Service (RaaS). [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) provides backend infrastructure for affiliates recruited on underground forums to perpetrate high-value deployments. By early 2020, [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) started capitalizing on the new trend of stealing data and further extorting the victim to pay to keep their data from being publicly leaked. (Citation: Secureworks REvil September 2019) (Citation: Secureworks GandCrab and REvil September 2019) (Citation: Secureworks GOLD SOUTHFIELD) (Citation: CrowdStrike Evolution of Pinchy Spider July 2021)

Source: MITRE ATT&CK

Profile

| CVE | Risk | CVSS | EPSS | Published | Products |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |

Mitigating controls (NIST 800-53)

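| Control | Techniques covered | Coverage |
| --- | --- | --- |
| CM-6 | 10 / 12 | 83% |
| SI-4 | 9 / 12 | 75% |
| AC-3 | 8 / 12 | 67% |
| CM-7 | 8 / 12 | 67% |
| SI-3 | 8 / 12 | 67% |
| CM-2 | 7 / 12 | 58% |
| RA-5 | 7 / 12 | 58% |
| SI-2 | 7 / 12 | 58% |
| SI-7 | 7 / 12 | 58% |
| AC-6 | 6 / 12 | 50% |
| CA-7 | 6 / 12 | 50% |
| AC-4 | 5 / 12 | 42% |
| CM-8 | 5 / 12 | 42% |
| SC-7 | 5 / 12 | 42% |
| SI-10 | 5 / 12 | 42% |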
