Alias Description | Votes |
---|---|
Cozy Bear is a possible alias for APT29. Cozy Bear, also known as APT29 and associated with names like Midnight Blizzard, Nobelium, and The Dukes, is a threat actor believed to be linked with the Russian state. This group has been involved in numerous cyber espionage activities, demonstrating proficiency across multiple operating systems a | 10 |
Midnight Blizzard is a possible alias for APT29. Midnight Blizzard, a Russia-linked Advanced Persistent Threat (APT) group also known as APT29, Cozy Bear, Nobelium, and The Dukes, has been actively involved in large-scale cyberespionage campaigns targeting organizations worldwide. This threat actor has demonstrated sophisticated capabilities to br | 8 |
NOBELIUM is a possible alias for APT29. Nobelium, a threat actor linked to Russia, has been identified as a significant cybersecurity concern due to its persistent and sophisticated cyber-espionage campaigns. Known also by various other names such as APT29, Cozy Bear, Midnight Blizzard, and The Dukes, Nobelium is believed to be operating | 6 |
The Dukes is a possible alias for APT29. The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, and Nobelium, is a threat actor associated with the Russian government that has been active since at least 2008. Notably, this group was implicated in the 2015 attack on the American Democratic National Committee (DNC). The FBI alerted th | 5 |
Cloaked Ursa is a possible alias for APT29. Cloaked Ursa, also known as APT29, BlueBravo, Midnight Blizzard, and formerly Nobelium, is a Russian threat actor believed to be associated with Russia's Foreign Intelligence Service (SVR). The group has been active in conducting cyber-espionage attacks against various diplomatic entities throughout | 5 |
UNC2452 is a possible alias for APT29. UNC2452, also known as APT29, Cozy Bear, Nobelium, and Midnight Blizzard, is a highly skilled and disciplined threat actor group linked to Russia's SVR intelligence agency. The group gained notoriety for its role in the SolarWinds compromise in December 2020, an extensive cyberattack that involved a | 3 |
Bluebravo is a possible alias for APT29. BlueBravo, also known as APT29, Nobelium, Cozy Bear, Midnight Blizzard, and The Dukes, is a threat actor group linked to Russia that has been implicated in multiple high-profile cyberattacks. Recently, TeamViewer discovered a breach in its corporate network, with reports attributing the intrusion to | 3 |
Cozybear is a possible alias for APT29. CozyBear, also known as APT29 and Midnight Blizzard, is a threat actor believed to be linked to the Russian state. This group has been actively engaged in cyber operations against Ukraine and its allies and has been involved in several major breaches, including attacks on Okta, Dropbox, Department o | 3 |
YTTRIUM is a possible alias for APT29. Yttrium, also known as APT29, CozyBear, UNC2452, NOBELIUM, and Midnight Blizzard, is a prominent threat actor in the cybersecurity landscape. This group has been attributed to several significant cyber-attacks, with its activities largely overlapping with those attributed to APT29 or CozyBear, accor | 2 |
StellarParticle is a possible alias for APT29. StellarParticle, a threat actor associated with the COZY BEAR adversary group, has been identified as a significant cybersecurity risk by CrowdStrike. StellarParticle is known for its extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and it has | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The EnvyScout Malware is associated with APT29. EnvyScout is a sophisticated malware used primarily by the threat actor group NOBELIUM, also known as APT29 or Cozy Bear. This malware, tracked by Microsoft and alternatively referred to as Rootsaw, is delivered via spear-phishing emails, often disguised with seemingly harmless attachments such as t | Unspecified | 4 |
The SUNBURST Malware is associated with APT29. Sunburst is a sophisticated malware that was detected in a major supply chain attack in December 2020. The Sunburst backdoor has been tied to Kazuar, another malicious software, due to code resemblance, indicating its high level of complexity. This malware infiltrates systems, often without the user | Unspecified | 3 |
The Ursa Malware is associated with APT29. Ursa is a highly active and motivated malware threat actor, also known as APT28, Fancy Bear, and Sofacy, which has been linked to various high-profile cyberattacks, including the US election interference in 2016 and the NotPetya attacks. The group is known for its use of the HeadLace backdoor malwar | Unspecified | 3 |
The Rootsaw Malware is associated with APT29. Rootsaw, also known as EnvyScout, is a first-stage payload malware extensively used by state-sponsored group APT29 for their initial access efforts in collecting foreign political intelligence. The malware is typically deployed via phishing emails with HTML file attachments or .HTA files, which exec | Unspecified | 3 |
The WellMess Malware is associated with APT29. The WellMess malware, first reported by LAC and JPCERT in mid-2018, is a malicious software that stores the Command and Control (C2) IP addresses it uses in the binary as plaintext URLs. The C2 has limited functionality to relay information between itself, the WellMess backdoor, and presumably a fur | Unspecified | 2 |
The KONNI Malware is associated with APT29. Konni is a malicious software (malware) linked to North Korea, specifically associated with the state-sponsored Kimsuky group. This advanced persistent threat (APT) has been active since at least 2021, focusing on high-profile targets such as the Russian Ministry of Foreign Affairs, the Russian Emba | Unspecified | 2 |
The POSHSPY Malware is associated with APT29. Poshspy is a sophisticated malware used by APT29, an advanced persistent threat group known for deploying stealthy backdoors. It leverages built-in Windows features such as PowerShell and Windows Management Instrumentation (WMI) to infiltrate systems. The malware was designed to store and persist th | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The APT28 Threat Actor is associated with APT29. APT28, also known as Fancy Bear, Forest Blizzard, and Unit 26165 of the Russian Main Intelligence Directorate, is a Russia-linked threat actor that has been active since at least 2007. This group has targeted governments, militaries, and security organizations worldwide with a particular focus on th | is related to | 6 |
The Gamaredon Threat Actor is associated with APT29. Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been identified as one of the most active threat actors in Ukraine, particularly since Russia's invasion of Ukraine in 2022. The group has been known to employ a variety of tools and techniques for cyberespionage, including downloaders | Unspecified | 3 |
The Volt Typhoon Threat Actor is associated with APT29. Volt Typhoon, identified as a People’s Republic of China state-sponsored group, is a prominent threat actor targeting critical infrastructure industries, including healthcare. The group has demonstrated strong operational security and the ability to obfuscate their malware, making them particularly | Unspecified | 2 |
The Turla Threat Actor is associated with APT29. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures ( | Unspecified | 2 |
The Sandworm Threat Actor is associated with APT29. Sandworm, also known as APT44, is a Russia-linked threat actor believed to be actively supporting Russian military activities in Ukraine. This group has been involved in several high-profile cyberattacks, demonstrating advanced capabilities and persistent efforts to compromise key infrastructures. S | Unspecified | 2 |
The Nobellium Threat Actor is associated with APT29. | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The CVE-2023-38831 Vulnerability is associated with APT29. CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil | Unspecified | 3 |
The CVE-2023-42793 Vulnerability is associated with APT29. CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre | Unspecified | 2 |