| ID | Votes | Profile Description |
|---|---|---|
| Sednit | 9 | Sednit, also known as APT28, Fancy Bear, Pawn Storm, Sofacy Group, BlueDelta, and Strontium, is a threat actor associated with Russia's military intelligence. The group has been active since at least 2007, primarily targeting governments, militaries, and security organizations worldwide. Notably, Se |
| Forest Blizzard | 9 | Forest Blizzard, also known as APT28, Fancy Bear, and Strontium, is a threat actor linked to the Russian General Staff Main Intelligence Directorate (GRU) and the 85th Main Special Service Center (GTsSS). The group has been involved in persistent espionage campaigns against European countries, which |
| Fancy Bear | 8 | Fancy Bear is a sophisticated Russian-based threat actor, also known as Sofacy or APT 28, that has been active since the mid-2000s. Fancy Bear is responsible for targeted intrusion campaigns against the Aerospace, Defense, Energy, Government and Media sectors. At the DNC, both Cozy Bear and Fancy Be |
| Pawn Storm | 7 | Pawn Storm, also known as APT28, Fancy Bear, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor that has been active since at least 2007. This group is notorious for targeting governments, militaries, and security organizations worldwide. The cybersecurity industry identifies Pawn Sto |
| Sandworm | 7 | Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio |
| STRONTIUM | 6 | Strontium, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor linked to Russia's General Staff Main Intelligence Directorate (GRU). Active since at least 2007, the group has targeted governments, militaries, and security organizations worldwide. Strontium's |
| Sofacy | 6 | Sofacy is a threat actor group that has been observed using multiple languages to create variants of the Zebrocy Trojan and Cannon. In one campaign, they relied heavily on filenames to lure victims into launching weaponized documents. The group packed only Delphi variants in an attempt to increase e |
| Fighting Ursa | 5 | Fighting Ursa, also known as APT28, Fancy Bear, and Sofacy, is a highly active Russian cyber threat actor with a notorious history of carrying out high-profile attacks. The group has been linked to significant cyber offensives including US election interference in 2016, the NotPetya attacks, the Oly |
| Sofacy Group | 4 | The Sofacy Group, also known as APT28, Fancy Bear, Pawn Storm, Sednit, BlueDelta, and STRONTIUM, is a well-established threat actor that has been active since at least 2007. This group, which could be an individual, a private company, or part of a government entity, has targeted governments, militar |
| Fancybear | 3 | Fancybear, also known as APT28, Forest Blizzard, or Strontium, is a threat actor linked to Russia that has been involved in various cyber espionage operations. These operations have targeted European countries and have been condemned by both NATO and the European Union. This group has demonstrated a |
| Ursa | 3 | Ursa is a highly active and motivated malware threat actor, also known as APT28, Fancy Bear, and Sofacy, which has been linked to various high-profile cyberattacks, including the US election interference in 2016 and the NotPetya attacks. The group is known for its use of the HeadLace backdoor malwar |
| Itg05 | 2 | ITG05, also known as Fancy Bear, Forest Blizzard, and APT28, among other aliases, is a sophisticated threat actor that has been involved in several cyber operations with malicious intent. The group has been leveraging the Israel-Hamas conflict to deliver Headlace malware, targeting non-governmental |
| Regeorg | 2 | Regeorg is a threat actor known for its malicious activities in the cyber landscape. Notably, operators of LuckyMouse initiated an attack by dropping the Nbtscan tool in C:\programdata\, followed by installing a variant of the ReGeorg webshell and issuing a GET request using curl. They then tried to |
| IRON TWILIGHT | 2 | IRON TWILIGHT is a threat actor believed to be associated with the GRU, Russia's military intelligence agency. This association has been suggested by various researchers, including those from CrowdStrike and CTU, based on the characteristics of the group's activities. The group became particularly a |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Moobot | has used | 4 | Moobot is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate these systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat |
| Zebrocy | has used | 3 | Zebrocy is a well-documented Trojan malware that infiltrates systems to gather specific system information. Once installed, it sends the collected data to its Command and Control (C2) server via an HTTP POST request. The Zebrocy variant also captures a screenshot of the victim's host and transmits i |
| OCEANMAP | Unspecified | 2 | OceanMap is a C#-based malware used by APT28, a Russia-linked group, as part of a sophisticated cyber attack campaign that started in 2020. The malware is designed to execute base64-encoded commands via cmd.exe, providing persistent and remote access to the targeted endpoint. Once a command is execu |
| Steelhook | Unspecified | 2 | Steelhook is a malicious PowerShell script used by the Russia-linked Advanced Persistent Threat group, APT28, to steal sensitive information from compromised systems. The malware was discovered as part of a phishing campaign orchestrated by APT28, as reported by the Computer Emergency Response Team |
| NotPetya | Unspecified | 2 | NotPetya is a notorious malware that emerged in 2017, widely attributed to the Russian hacking group APT28, also known as Sandworm. This malicious software was primarily an act of cyberwar against Ukraine, delivered through updates to MeDoc accounting software, a technique known as a supply chain at |
| Octopus | Unspecified | 2 | Octopus is a malware, a harmful program designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT29 | is related to | 6 | APT29, also known as Cozy Bear, Nobelium, The Dukes, Midnight Blizzard, BlueBravo, and the SVR group, is a Russia-linked threat actor notorious for its malicious cyber activities. In November 2023, this entity exploited a zero-day vulnerability in WinRAR software to launch attacks against various em |
| Frozenlake | has used | 5 | Frozenlake, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor believed to be sponsored by the Russian military. The group has been involved in numerous cyber-attacks, primarily targeting Ukraine's energy sector. Their modus operandi includes exploiting vuln |
| Gamaredon | is related to | 4 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been identified as a significant threat actor in the cybersecurity landscape. Notably, it has employed the USB worm LitterDrifter in a series of cyberattacks against Ukraine, demonstrating its capacity for sophisticated and disruptive |
| Cozy Bear | Unspecified | 3 | Cozy Bear, also known as APT29, Midnight Blizzard, and Nobelium, is a threat actor believed to operate out of Russia's Foreign Intelligence Service or SVR. This group has been linked to several high-profile cyber intrusions. One of the earliest identified activities of Cozy Bear was at the Democrati |
| Turla | Unspecified | 2 | Turla, a threat actor linked to Russia, is known for its sophisticated cyber-espionage activities. It has been associated with numerous high-profile attacks, employing innovative techniques and malware to infiltrate targets and execute actions with malicious intent. According to MITRE ATT&CK and MIT |
| Lazarus Group | Unspecified | 2 | The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in several high-profile cyber attacks and exploitation activities. The group's objective often involves establishing a kernel read/write primitive, which allows them to gain high-level access to systems and |
| APT40 | Unspecified | 2 | APT40 is a China-attributed cyber espionage group known for targeting countries strategically significant to the Belt and Road Initiative. The group has been linked to at least 51 different code families, exhibiting a broad range of capabilities. APT40 typically employs spear-phishing emails, often |
| Winter Vivern | Exploited | 2 | Winter Vivern, a threat actor group, has recently been identified as a significant cybersecurity concern due to its exploitation of a zero-day vulnerability in the Roundcube webmail software. This group, which could be a single individual, a private company, or part of a government entity, carries o |
| Apt44 | Unspecified | 2 | APT44, previously known as Sandworm, is a Russian military intelligence hacking team newly designated by Mandiant. The group has been active in conducting campaigns leveraging Sandworm malware since the start of 2023, primarily targeting Ukraine, Eastern Europe, and investigative journalists. APT44' |
| Midnight Blizzard | Unspecified | 2 | Midnight Blizzard, a Russia-linked threat actor, has been actively engaged in large-scale cyberespionage campaigns targeting organizations worldwide. The group, also known as APT29, SVR group, BlueBravo, Cozy Bear, Nobelium, and The Dukes, has been observed by Google's Threat Analysis Group (TAG) an |
| The Dukes | Unspecified | 2 | The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, and Nobelium, is a threat actor widely believed to be linked to the Russian government. The group has been active since at least 2008, conducting cyber espionage operations against various governments, think tanks, diplomatic entities, an |
| NOBELIUM | Unspecified | 2 | Nobelium, a threat actor linked to Russia, has been identified as a significant cybersecurity concern due to its targeted attacks on diplomatic entities in France and other European Union (EU) governments. The group, known by various names including APT29, SVR Group, Cozy Bear, Midnight Blizzard, an |
| Lapsus | Unspecified | 2 | Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor |
| UNC2589 | Unspecified | 2 | UNC2589, also known as Frozenvista, is a threat actor that emerged as a significant cybersecurity concern in 2021. Notably linked to the Russian Armed Forces' Main Directorate of the General Staff (GRU), this group started deploying phishing attacks against Ukrainian organizations from April 2021, a |
| FIN7 | Unspecified | 2 | FIN7, a prominent threat actor in the cybercrime landscape, has been noted for its malicious activities and innovative tactics. Known for their relentless attacks on large corporations, FIN7 recently targeted a significant U.S. carmaker with phishing attacks, demonstrating their continued evolution |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-38831 | Targets | 4 | CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil |
| CVE-2022-38028 | Unspecified | 4 | None |
| CVE-2020-12641 | Targets | 3 | CVE-2020-12641 is a significant vulnerability discovered in the Roundcube Webmail application. It is an issue that arises from a flaw in the software's design or implementation, which allows for Command Injection and Cross-Site Scripting (XSS) attacks (CVE-2020-35730). The exploitation of this vulne |
| CVE-2017-6742 | Targets | 3 | None |
| CVE-2021-44026 | Targets | 3 | None |
| CVE-2020-35730 | Targets | 3 | CVE-2020-35730 is a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail, first discovered three years ago. The flaw has been actively exploited by threat actors in various campaigns. In the BlueDelta and APT28 campaigns, spear-phishing techniques were employed, with email attachments desig |
| CVE-2021-40444 | Unspecified | 2 | None |
| Follina | Targets | 2 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou |
| CVE-2022-30190 | Unspecified | 2 | CVE-2022-30190, also known as the "Follina" vulnerability, is a high-risk software flaw in the Microsoft Support Diagnostic Tool that allows for remote code execution. This 0-day vulnerability was disclosed in May 2022 and has since been exploited by threat actors, including TA413, who weaponized it |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| DARKReading | 2 days ago | Biden Files Charges Against Russian Election Meddlers | |
| Securityaffairs | 2 days ago | Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)? | |
| DARKReading | 24 days ago | DNC Credentials Compromised by 'IntelFetch' Telegram Bot | |
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| DARKReading | a month ago | Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware | |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 | |
| Securityaffairs | a month ago | Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware | |
| Unit42 | a month ago | Fighting Ursa Luring Targets With Car for Sale | |
| CERT-EU | 6 months ago | Emulating the Sabotage-Focused Russian Adversary Sandworm | |
| CERT-EU | 6 months ago | Russian hackers unleash sophisticated phishing campaigns across the globe | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| DARKReading | 2 months ago | 'Trial' DDoS Attacks on French Sites Portend Greater Olympics Threats | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2 | |
| Recorded Future | 2 months ago | GRU's BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Camp | Recorded Future | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1 | |
| DARKReading | 2 months ago | Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks | |
| Securityaffairs | 2 months ago | Polish government investigates Russia-linked cyberattack on state news agency | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| BankInfoSecurity | 2 months ago | Russian Indicted for Wiper Malware Campaign Against Ukraine |