Colonel Cassad

Threat Actor Profile Updated a month ago
Colonel Cassad, a self-proclaimed military journalist based in Sevastopol, Russia, has been identified as a potential threat actor in the cybersecurity landscape. The individual is known for soliciting donations for Russian militia group operations in the sanctioned jurisdictions of Donetsk and Luhansk amidst the ongoing conflict between Russia and Ukraine. Notably, Talos cybersecurity researchers have previously indicated possible connections between Colonel Cassad and Fancy Bear, a Russian state hacking unit that has been sanctioned by the European Union.

In a recent development, blockchain analysis conducted by Chainalysis revealed that an administrator from LockBit, a notorious cybercriminal organization, made cryptocurrency donations to Colonel Cassad. This revelation came during Operation Cronos, an investigation into LockBit's activities, which was notably successful due to the gang's negligence in updating their PHP settings on their servers in a timely manner. Despite denying some claims made by investigators, including the arrest of two alleged affiliates and the recovery of numerous decryptors, LockBit confirmed the FBI's assertion that its annual income exceeds $100 million, a figure based on data from seized cryptocurrency wallets.

The association between Colonel Cassad and LockBit raises serious concerns about the potential for state-sponsored cyber threats. While the exact nature of the relationship remains unclear, the financial link established through cryptocurrency donations suggests a level of cooperation or mutual interest between the two parties. Furthermore, the connection between Colonel Cassad and the sanctioned Russian hacking unit, Fancy Bear, adds another layer of complexity to the situation, highlighting the need for continued vigilance and further investigation.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 2 | LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Colonel Cassad Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 3 months ago | Authorities disrupt Lockbit ransomware, indict two RaaS affiliates | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 3 months ago | LockBit Ransomware Gang Returns, Taunts FBI and Vows Data Leaks
CERT-EU | 3 months ago | LockBit Group Prepared New Crypto-Locker Before Takedown | #ransomware | #cybercrime | National Cyber Security Consulting
BankInfoSecurity | 3 months ago | LockBit Group Prepared New Crypto-Locker Before Takedown