Colonel Cassad

Threat Actor updated 5 months ago (2024-05-04T18:17:30.382Z)
Colonel Cassad, a self-proclaimed military journalist based in Sevastopol, Russia, has been identified as a potential threat actor in the cybersecurity landscape. The individual is known for soliciting donations for Russian militia group operations in the sanctioned jurisdictions of Donetsk and Luhansk amidst the ongoing conflict between Russia and Ukraine. Notably, Talos cybersecurity researchers have previously indicated possible connections between Colonel Cassad and Fancy Bear, a Russian state hacking unit that has been sanctioned by the European Union.

In a recent development, blockchain analysis conducted by Chainalysis revealed that an administrator from LockBit, a notorious cybercriminal organization, made cryptocurrency donations to Colonel Cassad. This revelation came during Operation Cronos, an investigation into LockBit's activities, which was notably successful due to the gang's negligence in updating their PHP settings on their servers in a timely manner. Despite denying some claims made by investigators, including the arrest of two alleged affiliates and the recovery of numerous decryptors, LockBit confirmed the FBI's assertion that its annual income exceeds $100 million, a figure based on data from seized cryptocurrency wallets.

The association between Colonel Cassad and LockBit raises serious concerns about the potential for state-sponsored cyber threats. While the exact nature of the relationship remains unclear, the financial link established through cryptocurrency donations suggests a level of cooperation or mutual interest between the two parties. Furthermore, the connection between Colonel Cassad and the sanctioned Russian hacking unit, Fancy Bear, adds another layer of complexity to the situation, highlighting the need for continued vigilance and further investigation.
Description last updated: 2024-05-04T17:34:38.122Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
Description: The Lockbit Malware is associated with Colonel Cassad. LockBit is a notorious malware that has been involved in several high-profile ransomware incidents, including attacks on Boeing, London Drugs, Ontario hospitals, and Accenture. The malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user.
Association Type: Unspecified
Votes: 2