Cyberarmyofrussia_reborn

Threat Actor updated 23 days ago (2024-11-29T13:40:51.953Z)
CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's main intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen data and execute DDoS attacks against selected targets. Despite their claim of independence, evidence suggests that their activities are closely tied to other Russian hacking groups, specifically Sandworm and APT44.

The Mandiant report reveals that Sandworm has close ties with CyberArmyofRussia_Reborn, suggesting that these groups may be working together or even be different facets of the same operation. Furthermore, it is believed that APT44 has the ability to direct and influence CyberArmyofRussia_Reborn's activities across multiple platforms. This relationship, however, cannot be conclusively determined as exclusive. It is suggested that APT44 could be using personas such as CyberArmyofRussia_Reborn to avoid direct attribution and potential backlash.

In addition to its activities in Eastern Europe, CyberArmyofRussia_Reborn has also been involved in operations across North America, Europe, the Middle East, Central Asia, and Latin America. The group is part of a larger network of pro-Russian "hacktivist" groups, which includes Killnet, NoName057(16), XakNet Team, Anonymous Russia, and Cyber Army of Russia. These groups often use Telegram channels to leak stolen files and technical documentation, further highlighting the global threat posed by these actors.
Description last updated: 2024-05-05T01:42:58.420Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Sandworm is a possible alias for Cyberarmyofrussia_reborn. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c | 3
Unc3810 is a possible alias for Cyberarmyofrussia_reborn. UNC3810 is a malware identified and tracked by cybersecurity firm Mandiant, notorious for its deployment of CaddyWiper in October 2022. This malicious software is designed to exploit and damage computer systems, often infiltrating via suspicious downloads, emails, or websites. The threat actor, init | 2
Apt44 is a possible alias for Cyberarmyofrussia_reborn. APT44, also known as Sandworm, is a threat actor newly designated by Mandiant and associated with the Russian military intelligence hacking team. This group has been active since the start of 2023, conducting campaigns leveraging Sandworm malware, primarily targeting Ukraine, Eastern Europe, and inv | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Wiper
Russia
Mandiant
Associated Malware
Alias Description | Association Type | Votes
The CaddyWiper Malware is associated with Cyberarmyofrussia_reborn. CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip | Unspecified | 2
Source Document References
Information about the Cyberarmyofrussia_reborn Threat Actor was read from the documents corpus below. This display is limited to 20 results.