Alias Description | Votes |
---|---|
Sednit is a possible alias for APT28. Sednit, also known as APT28, Fancy Bear, Pawn Storm, Sofacy Group, BlueDelta, and Strontium, is a threat actor associated with Russia's military intelligence. The group has been active since at least 2007, primarily targeting governments, militaries, and security organizations worldwide. Notably, Se | 9 |
Forest Blizzard is a possible alias for APT28. Forest Blizzard, also known as APT28, Fancy Bear, and Strontium, is a threat actor linked to the Russian General Staff Main Intelligence Directorate (GRU) and the 85th Main Special Service Center (GTsSS). The group has been involved in persistent espionage campaigns against European countries, which | 9 |
Fancy Bear is a possible alias for APT28. Fancy Bear is a sophisticated Russian-based threat actor, also known as Sofacy or APT 28, that has been active since the mid-2000s. Fancy Bear is responsible for targeted intrusion campaigns against the Aerospace, Defense, Energy, Government and Media sectors. At the DNC, both Cozy Bear and Fancy Be | 8 |
Pawn Storm is a possible alias for APT28. Pawn Storm, also known as APT28, Fancy Bear, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor that has been active since at least 2007. The group is notorious for its complex operations that steal victims' credentials to enable surveillance or intrusion operations. It has targeted g | 7 |
Sandworm is a possible alias for APT28. Sandworm, also known as APT44, is a Russia-linked threat actor believed to be actively supporting Russian military activities in Ukraine. This group has been involved in several high-profile cyberattacks, demonstrating advanced capabilities and persistent efforts to compromise key infrastructures. S | 7 |
STRONTIUM is a possible alias for APT28. Strontium, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor linked to Russia's General Staff Main Intelligence Directorate (GRU). Active since at least 2007, the group has targeted governments, militaries, and security organizations worldwide. Strontium's | 6 |
Sofacy is a possible alias for APT28. Sofacy is a threat actor group that has been observed using multiple languages to create variants of the Zebrocy Trojan and Cannon. In one campaign, they relied heavily on filenames to lure victims into launching weaponized documents. The group packed only Delphi variants in an attempt to increase e | 6 |
Fighting Ursa is a possible alias for APT28. Fighting Ursa, also known as APT28, Fancy Bear, and Sofacy, is a highly active Russian cyber threat actor with a notorious history of carrying out high-profile attacks. The group has been linked to significant cyber offensives including US election interference in 2016, the NotPetya attacks, the Oly | 5 |
Sofacy Group is a possible alias for APT28. The Sofacy Group, also known as APT28, Fancy Bear, Pawn Storm, Sednit, BlueDelta, and STRONTIUM, is a well-established threat actor that has been active since at least 2007. This group, which could be an individual, a private company, or part of a government entity, has targeted governments, militar | 4 |
Ursa is a possible alias for APT28. Ursa is a highly active and motivated malware threat actor, also known as APT28, Fancy Bear, and Sofacy, which has been linked to various high-profile cyberattacks, including the US election interference in 2016 and the NotPetya attacks. The group is known for its use of the HeadLace backdoor malwar | 3 |
Fancybear is a possible alias for APT28. Fancybear, also known as APT28, Forest Blizzard, or Strontium, is a threat actor linked to Russia that has been involved in various cyber espionage operations. These operations have targeted European countries and have been condemned by both NATO and the European Union. This group has demonstrated a | 3 |
ITG05 is a possible alias for APT28. ITG05, also known as Fancy Bear, Forest Blizzard, and APT28, among other aliases, is a sophisticated threat actor that has been involved in several cyber operations with malicious intent. The group has been leveraging the Israel-Hamas conflict to deliver Headlace malware, targeting non-governmental | 2 |
Regeorg is a possible alias for APT28. Regeorg is a threat actor known for its malicious activities in the cyber landscape. Notably, operators of LuckyMouse initiated an attack by dropping the Nbtscan tool in C:\programdata\, followed by installing a variant of the ReGeorg webshell and issuing a GET request using curl. They then tried to | 2 |
IRON TWILIGHT is a possible alias for APT28. IRON TWILIGHT is a threat actor believed to be associated with the GRU, Russia's military intelligence agency. This association has been suggested by various researchers, including those from CrowdStrike and CTU, based on the characteristics of the group's activities. The group became particularly a | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Moobot Malware is associated with APT28. Moobot is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate these systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat | has used | 4 |
The Zebrocy Malware is associated with APT28. Zebrocy is a malicious software (malware) known for its capability to exploit and damage computer systems. It infiltrates the system through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. The Zebrocy Trojan, a varian | has used | 3 |
The Steelhook Malware is associated with APT28. Steelhook is a malicious PowerShell script used by the Russia-linked Advanced Persistent Threat group, APT28, to steal sensitive information from compromised systems. The malware was discovered as part of a phishing campaign orchestrated by APT28, as reported by the Computer Emergency Response Team | Unspecified | 2 |
The NotPetya Malware is associated with APT28. NotPetya is a notorious malware that surfaced in 2017, causing significant global damage while primarily targeting Ukraine's infrastructure. Disguised as ransomware, it was different from other similar malicious programs like WannaCry, TeslaCrypt, and DarkSide because it was data destructive, posing | Unspecified | 2 |
The Octopus Malware is associated with APT28. Octopus is a malware, a harmful program designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for | Unspecified | 2 |
The OCEANMAP Malware is associated with APT28. OceanMap is a C#-based malware used by APT28, a Russia-linked group, as part of a sophisticated cyber attack campaign that started in 2020. The malware is designed to execute base64-encoded commands via cmd.exe, providing persistent and remote access to the targeted endpoint. Once a command is execu | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The APT29 Threat Actor is associated with APT28. APT29, also known as Midnight Blizzard, Nobelium, or Cozy Bear, is a notorious threat actor linked to Russia. This entity has been involved in various cyber-attacks with malicious intent and its primary modus operandi involves collecting foreign intelligence and maintaining persistence in compromise | is related to | 6 |
The Frozenlake Threat Actor is associated with APT28. Frozenlake, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor believed to be sponsored by the Russian military. The group has been involved in numerous cyber-attacks, primarily targeting Ukraine's energy sector. Their modus operandi includes exploiting vuln | has used | 5 |
The Gamaredon Threat Actor is associated with APT28. Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been identified as one of the most active threat actors in Ukraine, particularly since Russia's invasion of Ukraine in 2022. The group has been known to employ a variety of tools and techniques for cyberespionage, including downloaders | is related to | 4 |
The Cozy Bear Threat Actor is associated with APT28. Cozy Bear, also known as APT29 and associated with names like Midnight Blizzard, Nobelium, and The Dukes, is a threat actor believed to be linked with the Russian state. This group has been involved in numerous cyber espionage activities, demonstrating proficiency across multiple operating systems a | Unspecified | 3 |
The APT40 Threat Actor is associated with APT28. APT40, a Chinese cyber espionage group suspected to be affiliated with China's Ministry of State Security, has been actively conducting cyberespionage campaigns against government and private organizations in multiple countries. This threat actor typically targets nations strategically significant t | Unspecified | 2 |
The Winter Vivern Threat Actor is associated with APT28. Winter Vivern, a malicious threat actor, has been identified as the entity behind recent cyberattacks targeting several European government organizations. The group exploited a zero-day vulnerability in the Roundcube webmail software, using it to launch their offensive operations. This advanced pers | Exploited | 2 |
The APT44 Threat Actor is associated with APT28. APT44, also known as Sandworm, is a threat actor newly designated by Mandiant and associated with the Russian military intelligence hacking team. This group has been active since the start of 2023, conducting campaigns leveraging Sandworm malware, primarily targeting Ukraine, Eastern Europe, and inv | Unspecified | 2 |
The Midnight Blizzard Threat Actor is associated with APT28. Midnight Blizzard, a Russia-linked Advanced Persistent Threat (APT) group also known as APT29, Cozy Bear, Nobelium, and The Dukes, has been actively involved in large-scale cyberespionage campaigns targeting organizations worldwide. This threat actor has demonstrated sophisticated capabilities to br | Unspecified | 2 |
The Dukes Threat Actor is associated with APT28. The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, and Nobelium, is a threat actor associated with the Russian government that has been active since at least 2008. Notably, this group was implicated in the 2015 attack on the American Democratic National Committee (DNC). The FBI alerted th | Unspecified | 2 |
The NOBELIUM Threat Actor is associated with APT28. Nobelium, a threat actor linked to Russia, has been identified as a significant cybersecurity concern due to its persistent and sophisticated cyber-espionage campaigns. Known also by various other names such as APT29, Cozy Bear, Midnight Blizzard, and The Dukes, Nobelium is believed to be operating | Unspecified | 2 |
The Lapsus Threat Actor is associated with APT28. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor | Unspecified | 2 |
The UNC2589 Threat Actor is associated with APT28. UNC2589, also known as Frozenvista, is a threat actor that emerged as a significant cybersecurity concern in 2021. Notably linked to the Russian Armed Forces' Main Directorate of the General Staff (GRU), this group started deploying phishing attacks against Ukrainian organizations from April 2021, a | Unspecified | 2 |
The FIN7 Threat Actor is associated with APT28. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 2 |
The Turla Threat Actor is associated with APT28. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures ( | Unspecified | 2 |
The Lazarus Group Threat Actor is associated with APT28. The Lazarus Group, a notorious threat actor linked to North Korea, is among the most prolific and dangerous cyber threat actors in operation. They have been involved in numerous cyber-attacks worldwide, with significant efforts put into their social engineering strategies. Their activities include e | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The CVE-2023-38831 Vulnerability is associated with APT28. CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil | Targets | 4 |
The vulnerability CVE-2022-38028 is associated with APT28. | Unspecified | 4 |
The CVE-2020-35730 Vulnerability is associated with APT28. CVE-2020-35730 is a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail, first discovered three years ago. The flaw has been actively exploited by threat actors in various campaigns. In the BlueDelta and APT28 campaigns, spear-phishing techniques were employed, with email attachments desig | Targets | 3 |
The CVE-2020-12641 Vulnerability is associated with APT28. CVE-2020-12641 is a significant vulnerability discovered in the Roundcube Webmail application. It is an issue that arises from a flaw in the software's design or implementation, which allows for Command Injection and Cross-Site Scripting (XSS) attacks (CVE-2020-35730). The exploitation of this vulne | Targets | 3 |
The vulnerability CVE-2017-6742 is associated with APT28. | Targets | 3 |
The vulnerability CVE-2021-44026 is associated with APT28. | Targets | 3 |
The vulnerability CVE-2021-40444 is associated with APT28. | Unspecified | 2 |
The Follina Vulnerability is associated with APT28. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product, | Targets | 2 |
The CVE-2022-30190 Vulnerability is associated with APT28. CVE-2022-30190, also known as the "Follina" vulnerability, is a high-risk software flaw in the Microsoft Support Diagnostic Tool that allows for remote code execution. This 0-day vulnerability was disclosed in May 2022 and has since been exploited by threat actors, including TA413, who weaponized it | Unspecified | 2 |
Source Link | CreatedAt |
---|---|
BankInfoSecurity | a month ago |
BankInfoSecurity | 2 months ago |
BankInfoSecurity | 2 months ago |
BankInfoSecurity | 2 months ago |
Checkpoint | 2 months ago |
DARKReading | 2 months ago |
Securityaffairs | 2 months ago |
DARKReading | 2 months ago |
Securityaffairs | 3 months ago |
DARKReading | 3 months ago |
Securityaffairs | 3 months ago |
Securityaffairs | 3 months ago |
Unit42 | 3 months ago |
CERT-EU | 8 months ago |
CERT-EU | 7 months ago |
Securityaffairs | 3 months ago |
Securityaffairs | 3 months ago |
DARKReading | 3 months ago |
Securityaffairs | 4 months ago |
Recorded Future | 4 months ago |