Researchers have discovered the infrastructure linked to a threat group called ShadowSyndicate, believed to have launched attacks using seven distinct ransomware families in the last year. ShadowSyndicate has been identified as using a consistent SSH fingerprint across 85 servers.