Cadet Blizzard

Threat Actor updated 4 days ago (2024-11-29T14:12:21.956Z)
Cadet Blizzard, a Russian threat actor, has emerged as a significant cybersecurity concern. Identified by the Microsoft Threat Intelligence Center in June 2023, Cadet Blizzard is linked to Russia's GRU military intelligence unit and has been operational since at least 2020. The group has demonstrated a comprehensive approach to its cyber activities, maintaining an extended risk of compromise within targeted networks.
Its operations have included destructive cyber attacks, particularly in Ukraine, utilizing wiper malware to cause extensive damage. In the lead-up to Russia's invasion of Ukraine, Cadet Blizzard was identified as responsible for deploying wiper malware. Furthermore, the group has been implicated in defacements of Ukrainian organization websites and the hack-and-leak Telegram channel "Free Civilian." Microsoft has tracked Cadet Blizzard since January 2022, noting that it targets government organizations and IT providers not only in Ukraine but also across Europe and Latin America. Notably, the group has received support from at least one Russian private sector organization, demonstrating its extensive network and resources.
Cadet Blizzard has leveraged several vulnerabilities (CVE-2023-34362, CVE-2023-35036, CVE-2023-35708, CVE-2023-34363, CVE-2023-34364) to exploit MOVEit Transfer and Windows systems. The group has also utilized various forms of malware, including Clop ransomware and the LEMURLOOT webshell, employing techniques such as SQL injection. Its threats have ranged from data leaks to extortion, affecting multiple countries including the US, UK, and Canada. As a result, Cadet Blizzard represents a substantial and diverse threat to global cybersecurity.
Description last updated: 2024-11-21T10:46:29.245Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Blizzard
Microsoft
Apt
Confluence
Malware
Wiper
Ukraine
State Sponso...
Associated Malware
Alias Description: The WhisperGate Malware is associated with Cadet Blizzard. WhisperGate is a malicious software (malware) deployed by Unit 29155 cyber actors, known for their extensive use of this malware, particularly against Ukraine. The malware corrupts a system's master boot record, displays a fake ransomware note, and encrypts files based on specific file extensions. T
Association Type: Unspecified
Votes: 4
Associated Threat Actors
Alias Description: The Seashell Blizzard Iridium Threat Actor is associated with Cadet Blizzard. Seashell Blizzard Iridium, also known as Sandworm, is a threat actor reportedly comprised of Russian military intelligence officers. This group has been identified as distinct from other Advanced Persistent Threat (APT) groups associated with the Russian military intelligence GRU, such as Forest Bli
Association Type: Unspecified
Votes: 2
Alias Description: The STRONTIUM Threat Actor is associated with Cadet Blizzard. Strontium, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor linked to Russia's General Staff Main Intelligence Directorate (GRU). Active since at least 2007, the group has targeted governments, militaries, and security organizations worldwide. Strontium's
Association Type: Unspecified
Votes: 2
Alias Description: The Seashell Blizzard Threat Actor is associated with Cadet Blizzard. Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Cadet Blizzard Threat Actor was read from the documents corpus below.