ACTINIUM

Threat Actor Profile Updated 13 days ago
Actinium, also known as Primitive Bear or Shuckworm, is a notable threat actor in the realm of cyber espionage, primarily focusing on Ukraine. This group is one of several Russian government Advanced Persistent Threat (APT) hacking teams that have actively engaged in cyber operations against Ukraine. The Federal Security Service unit called Gamaredon, aka Actinium, launched a significant number of attacks in the second half of 2022. Other units involved include the GRU military intelligence unit APT28, aka Strontium and Fancy Bear; SVR units APT29, aka Nobelium and Cozy Bear; and UAC-0035, aka InvisiMole, which focuses on cyberespionage.

In a recent development, Microsoft, which previously used an all-caps naming scheme linked to chemical elements like ACTINIUM and IRIDIUM to describe nation-state and other advanced malware tracking activity, has changed its naming convention for threat groups. Citing the complexity, scale, and volume of threats, Microsoft has moved away from names derived from atomic elements and adopted a two-name scheme based on storm terminology. For instance, the Russia-related group formerly known as ACTINIUM is now referred to as Aqua Blizzard.

This shift in nomenclature does not diminish the importance of understanding and countering these threat actors. Their activities continue to pose significant risks to cybersecurity and national security. It's crucial for organizations and entities to remain vigilant and proactive in their defense strategies, ensuring they are equipped to identify, mitigate, and respond to these ever-evolving threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Gamaredon | 2 | Gamaredon, a threat actor of Russian origin, has been implicated in a series of cyber-attacks targeting Ukraine through the use of a USB worm known as LitterDrifter. This Advanced Persistent Threat (APT) group is notorious for its malicious activities, which typically involve executing actions with |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the ACTINIUM Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| DARKReading | a year ago | Threat Actor Names Proliferate, Adding Confusion |
| CERT-EU | a year ago | Warning about Russian threat actor Gamaredon: How to protect yourself from the cyber threat – Global Security Mag Online |
| CERT-EU | a year ago | Microsoft Will Name Threat Actors After Weather Events |
| BankInfoSecurity | a year ago | Ukraine Tracks Increased Russian Focus on Cyberespionage |
| CERT-EU | 6 months ago | Russian Hackers Have New Tools |
| CERT-EU | 8 months ago | Slone Partners Places Cynthia Pussinen as Chief Executive Officer and Member of the Board of Directors at Sernova Corporation |