Cyber Army of Russia

Threat Actor Profile Updated 11 days ago
Download STIX
Preview STIX
The Cyber Army of Russia, a threat actor group known for its malicious cyber activities, has been identified as the most active entity claiming Distributed Denial of Service (DDoS) attacks against Ukraine. This information was revealed in recent research conducted by ASERT, which also highlighted that these attacks span various industries and involve multiple hacktivist groups, including CyberDragon and the Cyber Army of Russia among others. Besides Ukraine, the Cyber Army of Russia has only sporadically targeted other countries, indicating a focused cyber aggression towards Ukraine. Microsoft has identified three hacktivist groups — Solntsepek, InfoCentr, and Cyber Army of Russia — that regularly interact with Seashell Blizzard, a Russian state-sponsored threat actor affiliated with the GRU, Russia's main military foreign-intelligence service. Furthermore, Mandiant researchers have linked XakNet and the Cyber Army of Russia to Russian security services, suggesting that these groups act as fronts to share information obtained illegally by state-backed groups. Other pro-Russia hacktivist groups such as Turla, XakNet, KillNet, NoName057(16), Anonymous Russia, and Cyber Army of Russia remain active, according to the SSCIP. In a significant development, Ukraine's security service (SBU) has detained an alleged member of the Cyber Army of Russia. The news was first reported by The Record Media and later confirmed by the SBU on their official Telegram channel. This arrest represents a critical step in combating the cyber threats posed by this group and could potentially lead to more insights into their operations, tactics, techniques, and procedures.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Anonymous Russia
2
Anonymous Russia, a malicious software (malware), has been associated with significant cyber-attacks, accounting for more than 30% of such incidents. This malware is affiliated with other hacktivist groups including Killnet, MIRAI, Venom, and has been involved in promoting Passion. Anonymous Russia,
XakNet
2
XakNet is a notable threat actor, potentially aligned with Russian interests, that has been implicated in various cyber attacks. This group emerged prominently during Russia's conflict with Ukraine and the subsequent ban on Russia from the 2022 FIFA World Cup. The Russian government was suspected of
KillNet
2
Killnet is a pro-Russian threat actor group that has been linked to a series of disruptive cyberattacks, particularly targeting governments and organizations that have expressed support for Ukraine. The group's activities gained prominence after Russia was banned from the 2022 FIFA World Cup due to
Cyberarmyofrussia_reborn
1
CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's main intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Russia
Ddos
Telegram
State Sponso...
Microsoft
Blizzard
Ukraine
Facebook
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Seashell BlizzardUnspecified
1
Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the
Xaknet TeamUnspecified
1
XakNet Team is a notable threat actor that has emerged amidst the escalation of conflict in Ukraine. This group, along with other self-proclaimed hacktivist groups such as CyberArmyofRussia_Reborn and Infoccentr, have surfaced since the beginning of the war, engaging in malicious cyber activities. X
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Cyber Army of Russia Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Securityaffairs
4 days ago
US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group
InfoSecurity-magazine
11 days ago
Hacktivist Groups Target Romania Amid Geopolitical Tensions
BankInfoSecurity
6 months ago
Breach Roundup: CIA Hacking Tool Leaker Gets 40 Years
Securityaffairs
6 months ago
Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'
BankInfoSecurity
10 months ago
Ukraine Cyber Defenders Prepare for Winter
DARKReading
6 months ago
Microsoft Threat Report: How Russia’s War on Ukraine Is Impacting the Global Cybersecurity Community
CERT-EU
a year ago
Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists
Flashpoint
a year ago
For Money and Attention: Killnet Apparently Reorganizes Again
CERT-EU
10 months ago
At least 23 Russian hacker groups targeted Ukraine in 2023, Ukraine’s cyber defense says
CERT-EU
10 months ago
Israel govt websites hit by DDoS Cyber Attack - Cybersecurity Insiders
CERT-EU
a year ago
What's in a NoName? Researchers see a lone-wolf DDoS group | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
10 months ago
Ukraine Cyber Defenders Prepare for Winter