Cyberarmyofrussia_reborn

Threat Actor updated 7 months ago (2024-05-05T02:18:05.802Z)

Download STIX

Preview STIX

CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's main intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen data and execute DDoS attacks against selected targets. Despite their claim of independence, evidence suggests that their activities are closely tied to other Russian hacking groups, specifically Sandworm and APT44. The Mandiant report reveals that Sandworm has close ties with CyberArmyofRussia_Reborn, suggesting that these groups may be working together or even be different facets of the same operation. Furthermore, it is believed that APT44 has the ability to direct and influence CyberArmyofRussia_Reborn's activities across multiple platforms. This relationship, however, cannot be conclusively determined as exclusive. It is suggested that APT44 could be using personas such as CyberArmyofRussia_Reborn to avoid direct attribution and potential backlash. In addition to its activities in Eastern Europe, CyberArmyofRussia_Reborn has also been involved in operations across North America, Europe, the Middle East, Central Asia, and Latin America. The group is part of a larger network of pro-Russian "hacktivist" groups, which includes Killnet, NoName057(16), XakNet Team, Anonymous Russia, and Cyber Army of Russia. These groups often use Telegram channels to leak stolen files and technical documentation, further highlighting the global threat posed by these actors.

Description last updated: 2024-05-05T01:42:58.420Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Sandworm is a possible alias for Cyberarmyofrussia_reborn. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c	3
Unc3810 is a possible alias for Cyberarmyofrussia_reborn. UNC3810 is a malware identified and tracked by cybersecurity firm Mandiant, notorious for its deployment of CaddyWiper in October 2022. This malicious software is designed to exploit and damage computer systems, often infiltrating via suspicious downloads, emails, or websites. The threat actor, init	2
Apt44 is a possible alias for Cyberarmyofrussia_reborn. APT44, also known as Sandworm, is a threat actor newly designated by Mandiant and associated with the Russian military intelligence hacking team. This group has been active since the start of 2023, conducting campaigns leveraging Sandworm malware, primarily targeting Ukraine, Eastern Europe, and inv	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Wiper

Russia

Mandiant

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The CaddyWiper Malware is associated with Cyberarmyofrussia_reborn. CaddyWiper is a destructive malware, a type of malicious software designed to exploit and damage computer systems. It was one of several malwares deployed against Ukraine starting in January 2022 by the Russian Advanced Persistent Threat (APT) group, alongside others such as WhisperGate, HermeticWip	Unspecified	2

Source Document References

Information about the Cyberarmyofrussia_reborn Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	7 months ago	Russia’s Sandworm Upgraded to APT44 by Google's Mandiant
BankInfoSecurity	7 months ago	The Global Menace of the Russian Sandworm Hacking Team
DARKReading	7 months ago	Sandworm Is Russia's Top Cyberattack Unit in Ukraine
CERT-EU	a year ago	At least 23 Russian hacker groups targeted Ukraine in 2023, Ukraine’s cyber defense says
Securityaffairs	2 years ago	Sandworm APT uses WinRAR in destructive attacks on Ukraine
Securityaffairs	2 years ago	Google TAG warns of Russia-linked APT groups targeting Ukraine
BankInfoSecurity	2 years ago	WinRAR Weaponized for Attacks on Ukrainian Public Sector
CERT-EU	a year ago	Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine
BankInfoSecurity	a year ago	Ukrainian Telcos Targeted by Suspected Sandworm Hackers
BankInfoSecurity	a year ago	Ukraine Tracks a Record Number of Cyber Incidents During War