| ID | Votes | Profile Description |
|---|---|---|
| Cozy Bear | 10 | Cozy Bear, also known as APT29, Midnight Blizzard, and Nobelium, is a threat actor believed to operate out of Russia's Foreign Intelligence Service or SVR. This group has been linked to several high-profile cyber intrusions. One of the earliest identified activities of Cozy Bear was at the Democrati |
| Midnight Blizzard | 8 | Midnight Blizzard, a Russia-linked threat actor, has been actively engaged in large-scale cyberespionage campaigns targeting organizations worldwide. The group, also known as APT29, SVR group, BlueBravo, Cozy Bear, Nobelium, and The Dukes, has been observed by Google's Threat Analysis Group (TAG) an |
| NOBELIUM | 6 | Nobelium, a threat actor linked to Russia, has been identified as a significant cybersecurity concern due to its targeted attacks on diplomatic entities in France and other European Union (EU) governments. The group, known by various names including APT29, SVR Group, Cozy Bear, Midnight Blizzard, an |
| Cloaked Ursa | 5 | Cloaked Ursa, also known as APT29, BlueBravo, Midnight Blizzard, and formerly Nobelium, is a Russian threat actor believed to be associated with Russia's Foreign Intelligence Service (SVR). The group has been active in conducting cyber-espionage attacks against various diplomatic entities throughout |
| The Dukes | 5 | The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, and Nobelium, is a threat actor widely believed to be linked to the Russian government. The group has been active since at least 2008, conducting cyber espionage operations against various governments, think tanks, diplomatic entities, an |
| Bluebravo | 3 | BlueBravo, also known as APT29, Nobelium, and various other names, is a threat actor believed to be linked with the Russian government. This group has been implicated in multiple high-profile cyber-espionage incidents, including the 2020 SolarWinds attack and breaches against the Democratic National |
| UNC2452 | 3 | UNC2452, also known as APT29, Cozy Bear, Nobelium, and Midnight Blizzard, is a highly skilled and disciplined threat actor group linked to Russia's SVR intelligence agency. The group gained notoriety for its role in the SolarWinds compromise in December 2020, an extensive cyberattack that involved a |
| Cozybear | 3 | CozyBear, also known as APT29 and Midnight Blizzard, is a threat actor believed to be linked to the Russian state. This group has been actively engaged in cyber operations against Ukraine and its allies and has been involved in several major breaches, including attacks on Okta, Dropbox, Department o |
| YTTRIUM | 2 | Yttrium, also known as APT29, CozyBear, UNC2452, NOBELIUM, and Midnight Blizzard, is a prominent threat actor in the cybersecurity landscape. This group has been attributed to several significant cyber-attacks, with its activities largely overlapping with those attributed to APT29 or CozyBear, accor |
| StellarParticle | 2 | StellarParticle, a threat actor associated with the COZY BEAR adversary group, has been identified as a significant cybersecurity risk by CrowdStrike. StellarParticle is known for its extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and it has |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| EnvyScout | Unspecified | 4 | EnvyScout is a sophisticated malware used primarily by the threat actor group NOBELIUM, also known as APT29 or Cozy Bear. This malware, tracked by Microsoft and alternatively referred to as Rootsaw, is delivered via spear-phishing emails, often disguised with seemingly harmless attachments such as t |
| Rootsaw | Unspecified | 3 | Rootsaw, also known as EnvyScout, is a first-stage payload malware extensively used by state-sponsored group APT29 for their initial access efforts in collecting foreign political intelligence. The malware is typically deployed via phishing emails with HTML file attachments or .HTA files, which exec |
| SUNBURST | Unspecified | 3 | Sunburst is a sophisticated malware that has been linked to the Kazuar code, indicating its complexity. It was used in several well-known cyber attack campaigns such as SUNBURST, OilRig, xHunt, DarkHydrus, and Decoy Dog, which employed DNS tunneling techniques for command and control (C2) communicat |
| Ursa | Unspecified | 3 | Ursa is a highly active and motivated malware threat actor, also known as APT28, Fancy Bear, and Sofacy, which has been linked to various high-profile cyberattacks, including the US election interference in 2016 and the NotPetya attacks. The group is known for its use of the HeadLace backdoor malwar |
| WellMess | Unspecified | 2 | The WellMess malware, first reported by LAC and JPCERT in mid-2018, is a malicious software that stores the Command and Control (C2) IP addresses it uses in the binary as plaintext URLs. The C2 has limited functionality to relay information between itself, the WellMess backdoor, and presumably a fur |
| POSHSPY | Unspecified | 2 | Poshspy is a sophisticated malware used by APT29, an advanced persistent threat group known for deploying stealthy backdoors. It leverages built-in Windows features such as PowerShell and Windows Management Instrumentation (WMI) to infiltrate systems. The malware was designed to store and persist th |
| KONNI | Unspecified | 2 | Konni is a malware, short for malicious software, that poses a significant threat to computer systems and data. It's designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Konni can wreak havoc by stealin |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT28 | is related to | 6 | APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor linked to Russia that has been active since at least 2007. The group has targeted governments, militaries, and security organizations worldwide, including the German Social Democratic Party |
| Gamaredon | Unspecified | 3 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been identified as a significant threat actor in the cybersecurity landscape. Notably, it has employed the USB worm LitterDrifter in a series of cyberattacks against Ukraine, demonstrating its capacity for sophisticated and disruptive |
| Sandworm | Unspecified | 2 | Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio |
| Turla | Unspecified | 2 | Turla, a threat actor linked to Russia, is known for its sophisticated cyber-espionage activities. It has been associated with numerous high-profile attacks, employing innovative techniques and malware to infiltrate targets and execute actions with malicious intent. According to MITRE ATT&CK and MIT |
| Nobellium | Unspecified | 2 | None |
| Volt Typhoon | Unspecified | 2 | Volt Typhoon, a China-sponsored threat actor group identified as one of the most dangerous and persistent nation-state actors by security researchers and the U.S. government, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. The group is known fo |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-38831 | Unspecified | 3 | CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil |
| CVE-2023-42793 | Unspecified | 2 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Securityaffairs | 6 days ago | Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| InfoSecurity-magazine | 8 days ago | Russian Hackers Use Commercial Spyware Exploits to Target Victims | |
| Securityaffairs | 9 days ago | Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa | |
| Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6 | |
| Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5 | |
| CERT-EU | 6 months ago | Russian hackers shift to cloud attacks, US and allies warn | |
| CERT-EU | 6 months ago | Response to CISA Advisory (AA24-057A): SVR Cyber Actors Adapt Tactics for Initial Cloud Access | |
| BankInfoSecurity | 3 months ago | Russian State Hackers Target French Government for Espionage | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2 | |
| Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1 | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| Securityaffairs | 2 months ago | Operation Morpheus took down 593 Cobalt Strike servers used by threat actors | |
| Checkpoint | 2 months ago | 1st July – Threat Intelligence Report - Check Point Research | |
| Securityaffairs | 2 months ago | Russia-linked group APT29 likely breached TeamViewer | |
| Securityaffairs | 2 months ago | Russia's Midnight Blizzard stole email of more Microsoft customers | |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION | |
| DARKReading | 2 months ago | Network Segmentation Saved TeamViewer From APT29 Attack | |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |