Cyber Army of Russia

Threat Actor updated a year ago (2024-11-29T13:59:33.718Z)

Download STIX

Preview STIX

The Cyber Army of Russia, a threat actor believed to be linked to the notorious Sandworm group, has been active in carrying out malicious cyber activities since 2022. The group, also known as the Cyber Army of Russia Reborn (CARR), has been particularly involved in a series of low-impact distributed denial of service (DDoS) attacks against entities in Ukraine and other countries that have shown support for Ukraine. This group often collaborates with other pro-Russian hacker groups, such as NoName057(16), which was identified as the most active hacktivist threat actor during H1 2024. A significant development occurred when Ukraine's Security Service (SBU) managed to arrest a member of this pro-Russian hackers group. Despite this setback, the group continued its operations, including launching an attack against a wastewater treatment plant in the US in April 2024. Furthermore, the group claimed responsibility for DDoS attacks on the Telegram channel of the Cyber Army of Russia, citing Japan’s upcoming joint military exercise with the U.S. as motivation. In response to these escalating threats, the US government took action by sanctioning key members of the Cyber Army of Russia Reborn. Despite these measures, the group remains active, participating in campaigns involving major hacking groups like the pro-Islamic RipperSec. These collaborative efforts resulted in DDoS attacks against over 50 targets in France, further showcasing the persistent and global nature of the threat posed by the Cyber Army of Russia and its affiliates.

Description last updated: 2024-10-22T17:43:20.163Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
XakNet is a possible alias for Cyber Army of Russia. XakNet is a notable threat actor, potentially aligned with Russian interests, that has been implicated in various cyber attacks. This group emerged prominently during Russia's conflict with Ukraine and the subsequent ban on Russia from the 2022 FIFA World Cup. The Russian government was suspected of	3
Carr is a possible alias for Cyber Army of Russia. The Cyber Army of Russia Reborn (CARR), a threat actor group, has been involved in a series of cyber-attacks against critical infrastructure since 2022. The group targeted entities in Ukraine and other countries that supported Ukraine with low-impact DDoS attacks. CARR's most notable actions include	3
Anonymous Russia is a possible alias for Cyber Army of Russia. Anonymous Russia, a malicious software (malware), has been associated with significant cyber-attacks, accounting for more than 30% of such incidents. This malware is affiliated with other hacktivist groups including Killnet, MIRAI, Venom, and has been involved in promoting Passion. Anonymous Russia,	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Russia

Hacktivist

Ddos

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The KillNet Threat Actor is associated with Cyber Army of Russia. Killnet is a threat actor or group with potential ties to the Russian government, known for its disruptive cyber-attacks. This group has been linked to several politically motivated attacks, including a significant assault on the Israeli government's website leading to its paralysis. Killnet has als	is related to	3

Source Document References

Information about the Cyber Army of Russia Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 hours ago	Pro-Russia Hacktivist Support: Ukrainian Faces US Charges - Security Affairs
InfoSecurity-magazine	a day ago	Pro-Russia Hackers Target US Critical Infrastructure in New Wave
CISA	a day ago	Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure \| CISA
CISA	2 days ago	Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure \| CISA
Checkpoint	9 months ago	Modern Approach to Attributing Hacktivist Groups - Check Point Research
Checkpoint	a year ago	21st October – Threat Intelligence Report - Check Point Research
BankInfoSecurity	a year ago	ENISA Warns About Hacktivist, Ransomware Crossover
Checkpoint	a year ago	9th September – Threat Intelligence Report - Check Point Research
InfoSecurity-magazine	a year ago	Published Vulnerabilities Surge by 43%
InfoSecurity-magazine	a year ago	Geopolitical Tensions Drive Explosion in DDoS Attacks
Securityaffairs	a year ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	a year ago	security-affairs-malware-newsletter-round-5
Securityaffairs	a year ago	US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group
InfoSecurity-magazine	a year ago	Hacktivist Groups Target Romania Amid Geopolitical Tensions
BankInfoSecurity	2 years ago	Breach Roundup: CIA Hacking Tool Leaker Gets 40 Years
Securityaffairs	2 years ago	Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'
BankInfoSecurity	2 years ago	Ukraine Cyber Defenders Prepare for Winter
DARKReading	2 years ago	Microsoft Threat Report: How Russia’s War on Ukraine Is Impacting the Global Cybersecurity Community
CERT-EU	3 years ago	Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists
Flashpoint	3 years ago	For Money and Attention: Killnet Apparently Reorganizes Again