Alias Description | Votes |
---|---|
Forest Blizzard is a possible alias for APT28. Forest Blizzard, also known as APT28, Fancy Bear, and Strontium, is a notorious threat actor linked to Russia. In April 2022, this group gained control over a botnet which was then employed for persistent espionage campaigns. The group has shown consistent and lasting repetitions in its tactics, tec | 9 |
Sednit is a possible alias for APT28. Sednit, also known as APT28, Fancy Bear, Strontium/Forest Blizzard, Pawn Storm, Sofacy, and BlueDelta, is a threat actor group associated with Russia’s military intelligence. This group has been active since at least 2007, targeting governments, militaries, and security organizations worldwide. Sedn | 9 |
Fancy Bear is a possible alias for APT28. Fancy Bear is a sophisticated Russian-based threat actor, also known as Sofacy or APT 28, that has been active since the mid-2000s. Fancy Bear is responsible for targeted intrusion campaigns against the Aerospace, Defense, Energy, Government and Media sectors. At the DNC, both Cozy Bear and Fancy Be | 8 |
Pawn Storm is a possible alias for APT28. Pawn Storm, also known as APT28, Fancy Bear, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor that has been active since at least 2007. The group is notorious for its complex operations that steal victims' credentials to enable surveillance or intrusion operations. It has targeted g | 7 |
Sandworm is a possible alias for APT28. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c | 7 |
STRONTIUM is a possible alias for APT28. Strontium, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor linked to Russia's General Staff Main Intelligence Directorate (GRU). Active since at least 2007, the group has targeted governments, militaries, and security organizations worldwide. Strontium's | 6 |
Sofacy is a possible alias for APT28. Sofacy is a threat actor group that has been observed using multiple languages to create variants of the Zebrocy Trojan and Cannon. In one campaign, they relied heavily on filenames to lure victims into launching weaponized documents. The group packed only Delphi variants in an attempt to increase e | 6 |
Fighting Ursa is a possible alias for APT28. Fighting Ursa, also known as APT28, Fancy Bear, and Sofacy, is a highly active Russian cyber threat actor with a notorious history of carrying out high-profile attacks. The group has been linked to significant cyber offensives including US election interference in 2016, the NotPetya attacks, the Oly | 5 |
Sofacy Group is a possible alias for APT28. The Sofacy Group, also known as APT28, Fancy Bear, Pawn Storm, Sednit, BlueDelta, and STRONTIUM, is a well-established threat actor that has been active since at least 2007. This group, which could be an individual, a private company, or part of a government entity, has targeted governments, militar | 4 |
Ursa is a possible alias for APT28. Ursa is a highly active and motivated malware threat actor, also known as APT28, Fancy Bear, and Sofacy, which has been linked to various high-profile cyberattacks, including the US election interference in 2016 and the NotPetya attacks. The group is known for its use of the HeadLace backdoor malwar | 3 |
Fancybear is a possible alias for APT28. Fancybear, also known as APT28, Forest Blizzard, or Strontium, is a threat actor linked to Russia that has been involved in various cyber espionage operations. These operations have targeted European countries and have been condemned by both NATO and the European Union. This group has demonstrated a | 3 |
ITG05 is a possible alias for APT28. ITG05, also known as Fancy Bear, Forest Blizzard, and APT28, among other aliases, is a sophisticated threat actor that has been involved in several cyber operations with malicious intent. The group has been leveraging the Israel-Hamas conflict to deliver Headlace malware, targeting non-governmental | 3 |
IRON TWILIGHT is a possible alias for APT28. IRON TWILIGHT is a threat actor believed to be associated with the GRU, Russia's military intelligence agency. This association has been suggested by various researchers, including those from CrowdStrike and CTU, based on the characteristics of the group's activities. The group became particularly a | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Moobot Malware is associated with APT28. Moobot is a malicious software (malware) that is based on the Mirai platform. This malware was designed to infiltrate devices and systems, often through suspicious downloads, emails, or websites without user knowledge. Once inside a system, Moobot facilitated targeted attacks against various entitie | has used | 4 |
The Zebrocy Malware is associated with APT28. Zebrocy is a malicious software (malware) known for its capability to exploit and damage computer systems. It infiltrates the system through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. The Zebrocy Trojan, a varian | has used | 3 |
The NotPetya Malware is associated with APT28. NotPetya is a destructive malware that posed as ransomware, causing significant global damage in 2017. Despite its appearance as ransomware, NotPetya was not designed to extort money but rather to destroy data and disrupt operations, particularly targeting Ukraine's infrastructure. NotPetya was attr | Unspecified | 2 |
The Octopus Malware is associated with APT28. Octopus is a malware, a harmful program designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for | Unspecified | 2 |
The OCEANMAP Malware is associated with APT28. OceanMap is a C#-based malware used by APT28, a Russia-linked group, as part of a sophisticated cyber attack campaign that started in 2020. The malware is designed to execute base64-encoded commands via cmd.exe, providing persistent and remote access to the targeted endpoint. Once a command is execu | Unspecified | 2 |
The Steelhook Malware is associated with APT28. Steelhook is a malicious PowerShell script used by the Russia-linked Advanced Persistent Threat group, APT28, to steal sensitive information from compromised systems. The malware was discovered as part of a phishing campaign orchestrated by APT28, as reported by the Computer Emergency Response Team | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The APT29 Threat Actor is associated with APT28. APT29, also known as Midnight Blizzard and linked to Russia's Foreign Intelligence Service (SVR), is a notorious threat actor that has been implicated in several high-profile cyberattacks. The group has demonstrated sophisticated capabilities, exploiting vulnerabilities such as the WinRAR 0day flaw | is related to | 6 |
The Frozenlake Threat Actor is associated with APT28. Frozenlake, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor believed to be sponsored by the Russian military. The group has been involved in numerous cyber-attacks, primarily targeting Ukraine's energy sector. Their modus operandi includes exploiting vuln | has used | 5 |
The Gamaredon Threat Actor is associated with APT28. Gamaredon, a Russia-aligned threat actor, has emerged as one of the most active Advanced Persistent Threat (APT) groups in Ukraine, particularly since Russia's 2022 invasion of the country. Composed of regular officers from the Russian Federal Security Service (FSB) and some former law enforcement o | is related to | 4 |
The Cozy Bear Threat Actor is associated with APT28. Cozy Bear, also known as APT29 and Midnight Blizzard, is a threat actor believed to be linked to the Russian government. This entity has been behind numerous cyberattacks with malicious intent, targeting various organizations and systems worldwide. The first significant intrusion attributed to Cozy | Unspecified | 3 |
The APT40 Threat Actor is associated with APT28. APT40, a threat actor attributed to China, is a cyber espionage group that primarily targets countries of strategic importance to the Belt and Road Initiative. The group is known for its use of a variety of attack vectors, notably spear-phishing emails posing as individuals likely to be of interest | Unspecified | 2 |
The Winter Vivern Threat Actor is associated with APT28. Winter Vivern, a malicious threat actor, has been identified as the entity behind recent cyberattacks targeting several European government organizations. The group exploited a zero-day vulnerability in the Roundcube webmail software, using it to launch their offensive operations. This advanced pers | Exploited | 2 |
The APT44 Threat Actor is associated with APT28. APT44, also known as Sandworm, is a threat actor newly designated by Mandiant and associated with the Russian military intelligence hacking team. This group has been active since the start of 2023, conducting campaigns leveraging Sandworm malware, primarily targeting Ukraine, Eastern Europe, and inv | Unspecified | 2 |
The Midnight Blizzard Threat Actor is associated with APT28. Midnight Blizzard, also known as APT29 or Cozy Bear, is a Russia-linked threat actor associated with the country's Foreign Intelligence Service (SVR). Throughout 2024, the group has been implicated in several high-profile cyber-attacks, targeting global organizations and demonstrating sophisticated | Unspecified | 2 |
The Dukes Threat Actor is associated with APT28. The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, Nobelium, and BlueBravo, is a threat actor associated with the Russian government. The group has been active since at least 2008 and has targeted various governments, think tanks, diplomatic entities, and political parties. Notably, in Se | Unspecified | 2 |
The NOBELIUM Threat Actor is associated with APT28. Nobelium, a Russia-linked Advanced Persistent Threat (APT) group also known as APT29, SVR Group, BlueBravo, Cozy Bear, Midnight Blizzard, and The Dukes, has been identified as a significant cybersecurity threat. In 2024, Nobelium targeted French diplomatic entities, posing a major concern to the int | Unspecified | 2 |
The Lapsus Threat Actor is associated with APT28. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor | Unspecified | 2 |
The UNC2589 Threat Actor is associated with APT28. UNC2589, also known as Frozenvista, is a threat actor that emerged as a significant cybersecurity concern in 2021. Notably linked to the Russian Armed Forces' Main Directorate of the General Staff (GRU), this group started deploying phishing attacks against Ukrainian organizations from April 2021, a | Unspecified | 2 |
The FIN7 Threat Actor is associated with APT28. FIN7, also known as Carbanak, Carbon Spider, Cobalt Group, and Navigator Group, is a notorious cybercrime group that has been active since 2012. The group is recognized for its advanced combination of malware and social engineering tactics, having executed numerous successful attacks against global | Unspecified | 2 |
The Turla Threat Actor is associated with APT28. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures ( | Unspecified | 2 |
The Lazarus Group Threat Actor is associated with APT28. The Lazarus Group, a notorious threat actor attributed to North Korea, is renowned for its malicious activities aimed at furthering the country's objectives. This group has been implicated in several high-profile cyber-attacks, including an attack in Spain known as Operation DreamJob. The exploitati | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The CVE-2023-38831 Vulnerability is associated with APT28. CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil | Targets | 4 |
The vulnerability CVE-2022-38028 is associated with APT28. | Unspecified | 4 |
The vulnerability CVE-2017-6742 is associated with APT28. | Targets | 3 |
The vulnerability CVE-2021-44026 is associated with APT28. | Targets | 3 |
The CVE-2020-35730 Vulnerability is associated with APT28. CVE-2020-35730 is a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail, first discovered three years ago. The flaw has been actively exploited by threat actors in various campaigns. In the BlueDelta and APT28 campaigns, spear-phishing techniques were employed, with email attachments desig | Targets | 3 |
The CVE-2020-12641 Vulnerability is associated with APT28. CVE-2020-12641 is a significant vulnerability discovered in the Roundcube Webmail application. It is an issue that arises from a flaw in the software's design or implementation, which allows for Command Injection and Cross-Site Scripting (XSS) attacks (CVE-2020-35730). The exploitation of this vulne | Targets | 3 |
The vulnerability CVE-2021-40444 is associated with APT28. | Unspecified | 2 |
The Follina Vulnerability is associated with APT28. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product, | Targets | 2 |
The CVE-2022-30190 Vulnerability is associated with APT28. CVE-2022-30190, also known as the "Follina" vulnerability, is a high-risk software flaw in the Microsoft Support Diagnostic Tool that allows for remote code execution. This 0-day vulnerability was disclosed in May 2022 and has since been exploited by threat actors, including TA413, who weaponized it | Unspecified | 2 |
Source Link | CreatedAt |
---|---|
Securityaffairs | a month ago |
InfoSecurity-magazine | a month ago |
Securelist | a month ago |
DARKReading | 24 days ago |
Recorded Future | a month ago |
DARKReading | a month ago |
Securityaffairs | 2 months ago |
BankInfoSecurity | 3 months ago |
BankInfoSecurity | 3 months ago |
BankInfoSecurity | 3 months ago |
BankInfoSecurity | 3 months ago |
Checkpoint | 3 months ago |
DARKReading | 4 months ago |
Securityaffairs | 4 months ago |
DARKReading | 4 months ago |
Securityaffairs | 4 months ago |
DARKReading | 5 months ago |
Securityaffairs | 5 months ago |
Securityaffairs | 5 months ago |
Unit42 | 5 months ago |