I’ve been following this which is has been in the news a lot recently.
Rather than try and breach into organisations this group tends to recruit insiders to provide an easy way in.
One of the reasons why it’s so important to have immutable backups.
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
Krebs on Security