Cyberarmyofrussia_reborn

Threat Actor updated 4 months ago (2024-05-05T02:18:05.802Z)
CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's main intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen data and execute DDoS attacks against selected targets.

Despite their claim of independence, evidence suggests that their activities are closely tied to other Russian hacking groups, specifically Sandworm and APT44. The Mandiant report reveals that Sandworm has close ties with CyberArmyofRussia_Reborn, suggesting that these groups may be working together or even be different facets of the same operation. Furthermore, it is believed that APT44 has the ability to direct and influence CyberArmyofRussia_Reborn's activities across multiple platforms. This relationship, however, cannot be conclusively determined as exclusive. It is suggested that APT44 could be using personas such as CyberArmyofRussia_Reborn to avoid direct attribution and potential backlash.

In addition to its activities in Eastern Europe, CyberArmyofRussia_Reborn has also been involved in operations across North America, Europe, the Middle East, Central Asia, and Latin America. The group is part of a larger network of pro-Russian "hacktivist" groups, which includes Killnet, NoName057(16), XakNet Team, Anonymous Russia, and Cyber Army of Russia. These groups often use Telegram channels to leak stolen files and technical documentation, further highlighting the global threat posed by these actors.
Description last updated: 2024-05-05T01:42:58.420Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (Votes): Profile Description
Sandworm (3): Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio
Unc3810 (2): UNC3810 is a malware identified and tracked by cybersecurity firm Mandiant, notorious for its deployment of CaddyWiper in October 2022. This malicious software is designed to exploit and damage computer systems, often infiltrating via suspicious downloads, emails, or websites. The threat actor, init
Apt44 (2): APT44, previously known as Sandworm, is a Russian military intelligence hacking team newly designated by Mandiant. The group has been active in conducting campaigns leveraging Sandworm malware since the start of 2023, primarily targeting Ukraine, Eastern Europe, and investigative journalists. APT44'
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Wiper
Russia
Mandiant
Associated Malware
ID (Type, Votes): Profile Description
CaddyWiper (Unspecified, 2): CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip
Source Document References
Information about the Cyberarmyofrussia_reborn Threat Actor was read from the documents corpus below.
Source (Created): Title
InfoSecurity-magazine (5 months ago): Russia’s Sandworm Upgraded to APT44 by Google's Mandiant
BankInfoSecurity (5 months ago): The Global Menace of the Russian Sandworm Hacking Team
DARKReading (5 months ago): Sandworm Is Russia's Top Cyberattack Unit in Ukraine
CERT-EU (a year ago): At least 23 Russian hacker groups targeted Ukraine in 2023, Ukraine’s cyber defense says
Securityaffairs (a year ago): Sandworm APT uses WinRAR in destructive attacks on Ukraine
Securityaffairs (a year ago): Google TAG warns of Russia-linked APT groups targeting Ukraine
BankInfoSecurity (a year ago): WinRAR Weaponized for Attacks on Ukrainian Public Sector
CERT-EU (a year ago): Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine
BankInfoSecurity (a year ago): Ukrainian Telcos Targeted by Suspected Sandworm Hackers
BankInfoSecurity (10 months ago): Ukraine Tracks a Record Number of Cyber Incidents During War