Earth Vetala

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Earth Vetala is a notorious threat actor that has been active in the cyber world for some time now. This group is known by several names such as Boggy Serpens, Cobalt Ulster, ITG17, Mercury, Seedworm, Static Kitten, TEMP.Zagros, and Yellow Nix, making it difficult to track their activities. Earth Vetala has been responsible for several high-profile cyberattacks targeting government agencies, private organizations, and NGOs worldwide. In recent years, Earth Vetala has been linked to various attacks, including the highly sophisticated malware campaigns against Middle Eastern entities. The group also has a history of using spear-phishing techniques to infiltrate networks and steal sensitive data. It's believed they are funded by a nation-state, although the identity of the sponsor(s) remains unknown. One of the most notable attacks attributed to Earth Vetala occurred in 2018 when the group used a malicious document disguised as a job vacancy announcement to infect the computer systems of numerous targets across the Middle East and Europe. The malware enabled Earth Vetala to gain control of the infected machines, allowing them to steal sensitive information and launch further attacks. Overall, Earth Vetala poses a significant threat to global security, and cybersecurity experts must remain vigilant in monitoring their activities.
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Mango Sandstorm
1
Mango Sandstorm, also known as MuddyWater or Mercury, is a threat actor group linked to Iran's Ministry of Intelligence and Security (MOIS) by the Israeli government. The group has been identified as being involved in several cyber-attacks, utilizing various tactics to gain initial access to targete
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Symantec
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
SeedwormUnspecified
1
Seedworm, also known as MuddyWater, TEMP.Zagros, Static Kitten, and several other monikers, is a threat actor believed to be linked with Iran's Ministry of Intelligence and Security (MOIS). This cyberespionage group has been active since 2017, targeting various sectors globally, including government
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Earth Vetala Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
7 months ago
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
a year ago
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
CERT-EU
a year ago
MuddyWater + DEV-1084: исследователи кибербезопасности выявили эффективный союз иранских злоумышленников