| ID | Votes | Profile Description |
|---|---|---|
| Sandworm | 5 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
| Industroyer | 4 | Industroyer, also known as CrashOverride, is a potent malware specifically designed to target Industrial Control Systems (ICS) used in electrical substations. It first gained notoriety for its role in the 2016 cyberattack on Ukraine's power grid, which resulted in a six-hour blackout in Kyiv. The ma |
| GreyEnergy | 4 | GreyEnergy is a type of malware, or malicious software, designed to exploit and damage computer systems. It is believed to have been used in attacks on Ukraine's power grid in 2018 by the Russia-linked Advanced Persistent Threat (APT) group, Sandworm. Security firm WithSecure has identified overlaps |
| Telebots | 3 | TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize |
| Sandworm Team | 2 | The Sandworm Team, a threat actor associated with Russia's military intelligence-linked group, has demonstrated significant capabilities in developing custom malware to target Operational Technology (OT) and Industrial Control Systems (ICSs). Since at least 2015, the team has used the "BlackEnergy" |
| IRON VIKING | 1 | Iron Viking, a threat actor group also known as Sandworm, Telebots, Voodoo Bear, and other names, has been active since 2000. This group operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). Iron Viking is notorious for its destructive cyber-espi |
| Voodoo Bear | 1 | VOODOO BEAR, also known as Sandworm, Seashell Blizzard, and other names such as Iridium, Iron Viking, Telebots, and APT44, is a highly advanced threat actor with a suspected nexus to the Russian Federation. First identified in January 2018, this group has been active since 2000 and operates under th |
| Win32/exaramel | 1 | Win32/Exaramel is a type of malware, specifically a backdoor, that can infiltrate systems through suspicious downloads, emails, or websites. Once deployed by a dropper, it can exploit and damage the infected computer or device, potentially stealing personal information or disrupting operations. The |
| Sandworm Apt | 1 | The Sandworm Advanced Persistent Threat (APT) group, a threat actor believed to be linked to Russia, has been identified as a significant cybersecurity concern. This entity has displayed malicious intent and demonstrated its capacity to execute sophisticated cyber-attacks. The naming convention "San |
| Blackenergy Apt | 1 | BlackEnergy APT, also known as Sandworm Team or BlackEnergy APT Group, is a form of malware that gained notoriety in the last decade for its destructive actions, particularly in Ukraine. This malicious software is designed to infiltrate systems, often through suspicious downloads, emails, or website |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Kapeka | is related to | 4 | Kapeka is a previously unknown backdoor malware that has been linked to the Russian Sandworm Advanced Persistent Threat (APT) group. As a malicious software, Kapeka is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites without t |
| NotPetya | is related to | 4 | NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking |
| Zeus | Unspecified | 2 | Zeus is a type of malware, short for malicious software, designed to exploit and damage computers or devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Zeus can steal personal information, disrupt operations, or even hold da |
| Stuxnet | Unspecified | 2 | Stuxnet, a notorious malware discovered in 2010, is one of the most infamous Advanced Persistent Threat (APT) attacks in history. This military-grade cyberweapon was co-developed by the United States and Israel to specifically target Iran's nuclear enrichment facility at Natanz. The Stuxnet worm, a |
| Gozi | Unspecified | 2 | Gozi is a notorious malware that has been linked to numerous cyber attacks. It's typically delivered through sophisticated malvertising techniques, often used in conjunction with other initial access malware such as Pikabot botnet agent and IcedID information stealer. When an individual accesses a c |
| Crashoverride | Unspecified | 1 | CrashOverride, also known as Industroyer, is a notorious malware that was leveraged in 2016 to disrupt Ukraine's power grid at the transmission substation level. This malicious software, believed to be state-sponsored by Russia, manipulated Industrial Control Systems (ICS) equipment through the abus |
| Killdisk Wiper | Unspecified | 1 | None |
| KillDisk | Unspecified | 1 | KillDisk is a potent malware, initially designed to overwrite targeted files instead of encrypting them. First seen in action during December 2016, it disrupted recovery processes by erasing critical system and workstation files. The TeleBots group notably used KillDisk in the final stages of their |
| TRITON | Unspecified | 1 | Triton is a sophisticated malware that has been historically used to target the energy sector. It was notably used in 2017 by the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM) to attack a Middle East petrochemical facility. The malware, also known as Trisis and |
| Ursnif | Unspecified | 1 | Ursnif, also known as Gozi or ISFB, is a type of malware that poses significant threats to computer systems and user data. It's often distributed through suspicious downloads, emails, or websites, infiltrating systems without the user's knowledge. Once installed, Ursnif can steal personal informatio |
| Ryuk | Unspecified | 1 | Ryuk is a sophisticated malware, specifically a ransomware variant, that has been extensively used by cybercriminal group ITG23. The group has been employing crypting techniques for several years to obfuscate their malware, with Ryuk often seen in tandem with other malicious software such as Trickbo |
| Cloudwizard | Unspecified | 1 | CloudWizard is a sophisticated malware discovered in May 2023, allegedly developed by an unidentified threat actor based in Ukraine. This malicious software has been linked to a broader set of cyber-attacks across the country, marking an evolution from its predecessors by exploiting well-known cloud |
| Incontroller | Unspecified | 1 | Incontroller is a highly sophisticated malware platform capable of attacking industrial control systems (ICS). It was discovered in early 2022 and is believed to have been developed by a state actor, with the group Chernovite suspected of being behind its creation. The malware, also referred to as P |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Gamaredon | Unspecified | 2 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E |
| Quedagh | Unspecified | 2 | None |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| Havex | Unspecified | 1 | Havex, also known as Dragonfly or the Energetic Bear RAT, is a prominent threat actor in the cybersecurity landscape. First spotted in 2013, Havex was part of a broad industrial espionage campaign that specifically targeted Supervisory Control and Data Acquisition (SCADA) and Industrial Control Syst |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2014-4114 | Unspecified | 2 | CVE-2014-4114 is a significant vulnerability that lies within the design or implementation of software. This flaw specifically targets the Microsoft Windows OLE Package Manager, enabling remote code execution. The exploit was primarily used in .pps files, which are PowerPoint presentation files, mak |
| Source | CreatedAt | Title |
|---|---|---|
| DARKReading | 3 months ago | To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware |
| Securityaffairs | 3 months ago | Previously unknown Kapeka backdoor linked to Sandworm APT |
| DARKReading | 3 months ago | Dangerous New ICS Malware Targets Orgs in Russia and Ukraine |
| BankInfoSecurity | 3 months ago | Likely Sandworm Hackers Using Novel Backdoor 'Kapeka' |
| CERT-EU | 5 months ago | Operational Technology Threats - ReliaQuest |
| DARKReading | 5 months ago | Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure |
| Securityaffairs | 7 months ago | Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months |
| CERT-EU | 8 months ago | Advanced threat predictions for 2024 – GIXtools |
| Securelist | 8 months ago | Kaspersky Security Bulletin: APT predictions 2024 |
| Securityaffairs | 9 months ago | Russian Sandworm disrupts power in Ukraine with a new OT attack |
| CERT-EU | 9 months ago | The Urgency for Robust Utility Cybersecurity |
| Securityaffairs | 9 months ago | Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers |
| CERT-EU | 10 months ago | Is Future Escalation in Cyber Conflict a Foregone Conclusion? |
| Securityaffairs | a year ago | Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware |
| CERT-EU | a year ago | IT threat evolution in Q2 2023 – GIXtools |
| CERT-EU | a year ago | IT threat evolution Q2 2023 |
| CERT-EU | a year ago | Gozi strikes again, targeting banks, cryptocurrency and more |
| CERT-EU | a year ago | US and Poland shut down Lolek Hosted bulletproof hosting platform |
| CERT-EU | a year ago | Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks |
| CERT-EU | a year ago | Cyberattacks on OT, ICS Lay Groundwork for Kinetic Warfare |