Eastwind

Threat Actor updated 4 days ago (2024-11-20T18:13:26.818Z)

Download STIX

Preview STIX

EastWind is a threat actor identified by cybersecurity firm Kaspersky, known for executing actions with malicious intent. The group has recently launched a new campaign targeting Russian organizations, utilizing tools such as CloudSorcerer, APT31, and APT27. This campaign, dubbed "EastWind" by Kaspersky researchers, was discovered during an investigation into devices infected via phishing emails with malicious shortcut attachments. In this campaign, EastWind has been using a Trojan malware known as "GrewApacha," which has been associated with the China-nexus actor APT31 since at least 2021. GrewApacha allows EastWind to gather information about infected systems and install additional malicious payloads on them. While Kaspersky hasn't explicitly linked either APT31 or APT27 to the EastWind campaign, they have noted the use of both groups' malware in these attacks. The EastWind campaign's use of tools from different threat actors highlights a common trend among Advanced Persistent Threat (APT) groups: collaboration and sharing of malware tools and knowledge. Kaspersky interprets this as a sign of how interconnected and complex the landscape of cyber threats has become. Despite the unclear direct affiliations, the presence of these diverse tools within the EastWind campaign underscores its potential severity and sophistication.

Description last updated: 2024-11-15T16:03:12.446Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
APT31 is a possible alias for Eastwind. APT31, also known as Zirconium, is a threat actor believed to be linked to the Chinese government. This group has been associated with numerous cyber attacks, including a significant exploit of CVE-2017-0005. This exploit, dubbed "Jian," was initially attributed to APT31 but upon further analysis by	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Eastwind Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securelist	9 days ago	Crimeware and financial predictions for 2025
Securelist	a month ago	Kernel shellcode persistence technique in APT attacks and SAS CTF challenge
Securelist	a month ago	Cyberthreats in the Middle East H1 2024
DARKReading	3 months ago	'EastWind' Cyber Spy Campaign Combines Various Chinese APT Tools