ID | Votes | Profile Description |
---|---|---|
COLDRIVER | 5 | Coldriver, also known as Callisto Group and Star Blizzard, is a threat actor believed to originate from Russia. This entity is recognized for its malicious activities including disinformation campaigns, spear-phishing attacks, and the use of custom malware. The group has been associated with the Rus |
Seaborgium | 4 | Seaborgium, also known as Star Blizzard, Callisto Group, COLDRIVER, and TAG-53, is a threat actor linked to suspected Russian threat activity groups. Open-source reporting has enabled Insikt Group to profile the infrastructure used by this group, revealing significant overlaps with other known malic |
Star Blizzard | 3 | Star Blizzard, also known as Seaborgium or the Callisto Group, is a threat actor linked to Russia's intelligence service, the FSB. The group has been involved in sophisticated cyber-attacks worldwide, primarily using spear-phishing campaigns to steal account credentials and data. Microsoft, which tr |
Callisto Group | 3 | The Callisto Group, a threat actor identified as part of the Russian Federal Security Service, has been exposed by the United States and the United Kingdom for its malicious cyber activities. This group, also known as Coldriver and formerly tracked by Microsoft under the moniker "Seaborgium," is com |
Unc4057 | 2 | UNC4057, also known as ColdRiver, Star Blizzard, Blue Charlie, and Callisto, is a Russian-backed advanced persistent threat (APT) group that has been active since 2019. This group, sponsored by the Federal Security Service (FSB), has been involved in various malicious activities on behalf of the Rus |
TA446 | 2 | TA446, also known as the Callisto APT group, Seaborgium, Star Blizzard, ColdRiver, TAG-53, and BlueCharlie, is a threat actor that has been active since at least 2015. This cyberespionage entity has persistently targeted individuals and organizations involved in international affairs, defense, and l |
Gossamer Bear | 2 | Gossamer Bear, also known as Callisto, Blue Callisto, BlueCharlie (or TAG-53), Calisto, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is a significant threat actor that has been active since 2019. The group primarily focuses on credential harvesting and conducts hack-and-leak campaigns ta |
Cold River | 1 | Cold River, a sophisticated threat actor linked to the Kremlin, has been engaging in malicious cyber activities for several years. The group, also known as Star Blizzard, Callisto, and UNC4057, is attributed to Center 18 of the FSB, one of Russia's security services sponsoring global cyber espionage |
Blue Charlie | 1 | Blue Charlie, also known as TAG-53, UNC4057, Star Blizzard, and Callisto, is a threat actor linked to Russian threat activity groups such as the Callisto Group, COLDRIVER, and SEABORGIUM. Both Microsoft and the UK government have assessed this connection. The entity is believed to be part of the wid |
Calisto | 1 | Calisto, also known as BlueCharlie, Blue Callisto, TAG-53, COLDRIVER, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is a threat actor that has been active since 2019. This group targets a wide range of sectors and is particularly focused on individuals and organizations involved in intern |
Bluecharlie | 1 | BlueCharlie, also known as TAG-53, Blue Callisto, Callisto (or Calisto), COLDRIVER, Star Blizzard (formerly SEABORGIUM), and TA446, is a threat actor that has been linked to Russia and has reportedly been active since 2019. The group has been involved in various malicious activities including cybere |
Blue Callisto | 1 | Blue Callisto, also known as COLDRIVER, BlueCharlie (or TAG-53), Calisto, Gossamer Bear, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is a malicious software program that has been active since 2019. This malware is designed to infiltrate computer systems and devices, often undetected, vi |

ID | Type | Votes | Profile Description |
---|---|---|---|
Spica | Unspecified | 1 | Spica is a custom malware developed and utilized by the threat group known as Coldriver. The backdoor software, Spica, was first identified by Google's Threat Analysis Group (TAG), which has been tracking its use since as early as September of the previous year. The malware appears to be used in hig |
Bundlore | Unspecified | 1 | Bundlore is a type of malware, specifically an adware, that targets macOS systems. It is known for displaying unwanted advertisements on infected computers and installing software products offered by affiliates. Bundlore, along with other malware tools such as BlueBlood, Callisto, JokerSpy, XCSSET, |
XCSSET | Unspecified | 1 | XCSSET is a particularly harmful form of malware that targets Apple's M1-Based Macs and macOS 11. As a malicious software, it exploits and damages the computer system by infiltrating through suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations |
InvisiMole | Unspecified | 1 | InvisiMole is a sophisticated malware with modular architecture, designed to infiltrate and exploit computer systems undetected. It begins its operation using a wrapper DLL and performs activities through two other modules embedded in its resources. Notably, the malware is capable of scanning enable |

ID | Type | Votes | Profile Description |
---|---|---|---|
Starblizzard | Unspecified | 1 | None |
Callisto Apt Group | Unspecified | 1 | None |
Gamaredon | Unspecified | 1 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E |
Sandworm | Unspecified | 1 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Engenuity dat |
Armageddon | Unspecified | 1 | Armageddon, also known as the Gamaredon Group, is a threat actor that has been operational since around 2013 or 2014. This group comprises regular officers of the Russian Federal Security Service (FSB) and some former law enforcement officers from Ukraine. Armageddon has been particularly active in |

Source | CreatedAt | Title |
---|---|---|
BankInfoSecurity | a month ago | European Union Sanctions Russian State Hackers |
Flashpoint | 2 months ago | Evolving Tactics: How Russian APT Groups Are Shaping Cyber Threats in 2024 |
DARKReading | 3 months ago | DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse |
CERT-EU | 5 months ago | Russian Hackers Target Ukraine Via A Disinformation Campaign |
ESET | a year ago | ESET APT Activity Report T2 2022 \| WeLiveSecurity |
InfoSecurity-magazine | 5 months ago | Russian Hackers Launch Email Campaigns to Demoralize Ukrainians |
CERT-EU | 6 months ago | ColdRiver threat group targeting critical infrastructure with backdoor attacks |
CERT-EU | 6 months ago | Russian hacker Coldriver extends tactics to include custom malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
CERT-EU | 6 months ago | Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware - Cyber Security Review |
DARKReading | 6 months ago | Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware |
CERT-EU | 6 months ago | Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware |
CERT-EU | 6 months ago | Russian threat group spreading backdoor through phishing, says Google \| IT World Canada News |
Securityaffairs | 6 months ago | Google TAG warns that Russian COLDRIVER APT is using a custom backdoor |
CERT-EU | 6 months ago | Google TAG: Kremlin cyber spies build a custom backdoor |
CERT-EU | 6 months ago | Prolific Russian hacking unit using custom backdoor for the first time |
CERT-EU | 7 months ago | Wolverine Gameplay, Upcoming Insomniac Games Slate, More Leaked in Ransomware Hack \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
CERT-EU | 8 months ago | Britain, US sanction Russian hackers over years-long FSB cyberespionage campaign \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
CERT-EU | 8 months ago | Russian cyber-spies identified in APT attacks against UK democracy |
CERT-EU | 8 months ago | US, UK accuse Russia’s Callisto Group of cyber espionage, political interference |