Cyber Resilience

Threat actor · all actors

EXOTIC LILYG1011 unknown

aka EXOTIC LILY

Last updated: 2026-07-03

0attributed CVEs
22ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[EXOTIC LILY](https://attack.mitre.org/groups/G1011) is a financially motivated group that has been closely linked with [Wizard Spider](https://attack.mitre.org/groups/G0102) and the deployment of ransomware including [Conti](https://attack.mitre.org/software/S0575) and [Diavol](https://attack.mitre.org/software/S0659). [EXOTIC LILY](https://attack.mitre.org/groups/G1011) may be acting as an initial access broker for other malicious actors, and has targeted a wide range of industries including IT, cybersecurity, and healthcare since at least September 2021.(Citation: Google EXOTIC LILY March 2022)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
AC-49 / 2241%
CA-79 / 2241%
SC-79 / 2241%
SI-39 / 2241%
SI-49 / 2241%
SC-448 / 2236%
CM-27 / 2232%
CM-67 / 2232%
SI-87 / 2232%
SI-26 / 2227%
CM-74 / 2218%
IA-93 / 2214%
SC-203 / 2214%
SI-73 / 2214%
AC-62 / 229%

Co-occurring actors

None.

Similar actors