| ID | Votes | Profile Description |
|---|---|---|
| APT29 | 10 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| Midnight Blizzard | 5 | Midnight Blizzard, a Russia-linked Advanced Persistent Threat (APT) group, has emerged as a significant cybersecurity concern. The group is known for executing actions with malicious intent and has been linked to several high-profile cyber attacks on global organizations. Notably, it breached the sy |
| NOBELIUM | 5 | Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw |
| Cloaked Ursa | 4 | Cloaked Ursa, also known as APT29, Midnight Blizzard, Nobelium, and BlueBravo, is a threat actor linked to Russia's Foreign Intelligence Service (SVR). This group has been observed executing cyber-espionage attacks on diplomatic entities throughout Eastern Europe. It utilizes innovative tactics and |
| The Dukes | 3 | The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, and several other aliases, is a highly active threat actor group widely believed to be associated with the Russian Foreign Intelligence Service (SVR). The group has been operational since at least 2008, targeting various governments, thin |
| UNC2452 | 2 | UNC2452, also known as APT29, Cozy Bear, Nobelium, and Midnight Blizzard, is a highly skilled and disciplined threat actor group linked to Russia's SVR intelligence agency. The group gained notoriety for its role in the SolarWinds compromise in December 2020, an extensive cyberattack that involved a |
| Bluebravo | 2 | BlueBravo, also known as APT29 or Nobellium, is a threat actor group linked to Russia that has been implicated in several high-profile cyberattacks. Recently, TeamViewer discovered a breach in its corporate network, with some reports attributing the intrusion to this group. BlueBravo, along with oth |
| Dark Halo | 1 | Dark Halo, a cyber threat actor identified by cybersecurity company Volexity, has been linked to several significant cyber attacks. This group initially gained notoriety for its exploitation of the SolarWinds Orion software in June and July 2020, which resulted in a major breach of the targeted orga |
| Darkhalo | 1 | DarkHalo, also known as APT29, Cozy Bear, and tracked by Microsoft as Midnight Blizzard (previously NOBELIUM), is a sophisticated threat actor suspected of executing actions with malicious intent. These actions typically involve cyber attacks and are often attributed to either individual hackers, pr |
| IRON HEMLOCK | 1 | Iron Hemlock, a threat actor also known as APT29, Cozy Bear, BlueBravo, Cloaked Ursa, The Dukes, and Midnight Blizzard, has been identified as a significant cybersecurity concern. This group, suspected to be associated with Russia and previously identified as Nobelium, is known for executing actions |
| Blue Kitsune | 1 | Blue Kitsune, also known as APT29, Cozy Bear, and the Dukes, is a notable threat actor in the realm of cybersecurity. This group has been linked to several malicious activities, including the deployment of WellMess malware. While there is no definitive evidence tying WellMess exclusively to Blue Kit |
| Frozenlake | 1 | Frozenlake, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor believed to be sponsored by the Russian military. The group has been involved in numerous cyber-attacks, primarily targeting Ukraine's energy sector. Their modus operandi includes exploiting vuln |
| SUNSPOT | 1 | Sunspot is a sophisticated and novel malware associated with the SolarWinds intrusion that occurred in December 2020. This malicious software, linked to COZY BEAR (also known as APT29 or "The Dukes"), infiltrates systems undetected, often through suspicious downloads, emails, or websites. Once insid |
| Blue Bravo | 1 | Blue Bravo is a malicious software (malware) that has been linked to the notorious hacker group APT29, also known as Cozy Bear. This malware is designed to infiltrate computer systems and devices through various means such as suspicious downloads, emails, or websites. Once it gains access, Blue Brav |
| StellarParticle | 1 | StellarParticle, a threat actor associated with the COZY BEAR adversary group, has been identified as a significant cybersecurity risk by CrowdStrike. StellarParticle is known for its extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and it has |
| CozyDuke | 1 | CozyDuke, also known as Cozy Bear or APT29, is a prominent threat actor recognized for its malicious activities against Western government organizations and a variety of industries. The group has successfully infiltrated the unclassified networks of several high-profile entities, including the White |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Ursa | Unspecified | 3 | URSA is a harmful malware, typically delivered as an archive attachment to phishing emails. It operates as a backdoor into the infected system, enabling unauthorized access and exploitation. The malware has been particularly active in Latin America, where it's known as the Mispadu banking trojan. Si |
| InvisiMole | Unspecified | 1 | InvisiMole is a sophisticated malware with modular architecture, designed to infiltrate and exploit computer systems undetected. It begins its operation using a wrapper DLL and performs activities through two other modules embedded in its resources. Notably, the malware is capable of scanning enable |
| WellMess | Unspecified | 1 | The WellMess malware, first reported by LAC and JPCERT in mid-2018, is a malicious software that stores the Command and Control (C2) IP addresses it uses in the binary as plaintext URLs. The C2 has limited functionality to relay information between itself, the WellMess backdoor, and presumably a fur |
| Tomiris | Unspecified | 1 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
| EnvyScout | Unspecified | 1 | EnvyScout is a sophisticated malware used primarily by the threat actor group NOBELIUM, also known as APT29 or Cozy Bear. This malware, tracked by Microsoft and alternatively referred to as Rootsaw, is delivered via spear-phishing emails, often disguised with seemingly harmless attachments such as t |
| Magicweb | Unspecified | 1 | MagicWeb is a sophisticated malware that was first reported by Microsoft in August 2022. It was developed and deployed by the threat group Nobelium, also known as Cozy Bear or APT29, who are believed to be associated with the Russian Foreign Intelligence Service (SVR). MagicWeb is designed to exploi |
| NotPetya | Unspecified | 1 | NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT28 | Unspecified | 3 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
| Sandworm | Unspecified | 2 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
| Fancy Bear | Unspecified | 2 | Fancy Bear is a sophisticated Russian-based threat actor, also known as Sofacy or APT 28, that has been active since the mid-2000s. Fancy Bear is responsible for targeted intrusion campaigns against the Aerospace, Defense, Energy, Government and Media sectors. At the DNC, both Cozy Bear and Fancy Be |
| Midnight Blizzard/nobelium | Unspecified | 2 | None |
| Gamaredon | Unspecified | 1 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E |
| Scattered Spider | Unspecified | 1 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur |
| Phosphorus | Unspecified | 1 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the |
| YTTRIUM | Unspecified | 1 | Yttrium, also known as APT29, CozyBear, UNC2452, NOBELIUM, and Midnight Blizzard, is a prominent threat actor in the cybersecurity landscape. This group has been attributed to several significant cyber-attacks, with its activities largely overlapping with those attributed to APT29 or CozyBear, accor |
| Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| STRONTIUM | Unspecified | 1 | Strontium, also known as APT28, Fancy Bear, Forest Blizzard, and several other aliases, is a Russia-linked threat actor that has been active since at least 2007. This group, believed to be associated with the Russian General Staff Main Intelligence Directorate (GRU), has targeted governments, milita |
| ACTINIUM | Unspecified | 1 | Actinium, also known as Primitive Bear or Shuckworm, is a notable threat actor in the realm of cyber espionage, primarily focusing on Ukraine. This group is one of several Russian government Advanced Persistent Threat (APT) hacking teams that have actively engaged in cyber operations against Ukraine |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-38831 | Targets | 3 | CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil |
| Blizzard/nobelium | Unspecified | 1 | None |
| CVE-2023-3883 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | a month ago | Russia-linked group APT29 likely breached TeamViewer |
| Securityaffairs | a month ago | Russia's Midnight Blizzard stole email of more Microsoft customers |
| Securityaffairs | a month ago | Russia-linked APT Nobelium targets French diplomatic entities |
| BankInfoSecurity | 2 months ago | Check Point Alert: Attackers Targeting Poorly Secured VPNs |
| BankInfoSecurity | 3 months ago | Live Webinar | The State of Cloud Security |
| DARKReading | 3 months ago | Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft |
| BankInfoSecurity | 3 months ago | Microsoft Questioned by German Lawmakers About Russian Hack |
| CrowdStrike | 3 months ago | CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud |
| DARKReading | 3 months ago | CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits |
| BankInfoSecurity | 4 months ago | CISA Warns Russian Microsoft Hackers Targeted Federal Emails |
| BankInfoSecurity | 4 months ago | Tactics for Battling Attacks by Russia's Midnight Blizzard |
| CERT-EU | 4 months ago | Microsoft is Under Attack by Russian Hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| CERT-EU | 4 months ago | Russian Hackers Are Weaponizing Stolen Microsoft Passwords | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| CERT-EU | 5 months ago | Kremlin accuses US of plotting election-day cyberattack |
| CERT-EU | 5 months ago | Moscow-Sponsored Hackers Continue to Further Hacking Attempts | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| CERT-EU | 5 months ago | Irony of Ironies: CISA Hacked — ‘by China’ |
| CERT-EU | 5 months ago | Microsoft says source code stolen in Russian hacking escalation |
| CERT-EU | 5 months ago | Russian Midnight Blizzard Hackers Breached Microsoft Source Code |
| CERT-EU | 5 months ago | Microsoft suspects Russian hackers still lurking in its corporate network - Cybersecurity Insiders |
| CERT-EU | 5 months ago | Russian Spies Hacked Microsoft Email Systems & Accessed Code | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |