Eastwind

Threat Actor updated 17 days ago (2024-10-17T12:04:40.119Z)
Download STIX
Preview STIX
Eastwind is a threat actor that has been under investigation by Kaspersky researchers due to its malicious activities. The campaign, dubbed "EastWind", was discovered during an investigation into devices infected via phishing emails containing malicious shortcut attachments. This threat actor has been particularly active in targeting Russian government entities, although the direct involvement of Eastwind with these attacks has not been explicitly confirmed by Kaspersky. The EastWind campaign has demonstrated the use of tools from different threat actors, indicating the collaboration and sharing of malware tools and knowledge among Advanced Persistent Threat (APT) groups. This practice is common within the cybersecurity landscape and further complicates the attribution of cyberattacks. Although no specific group has been directly linked to the EastWind campaign, Kaspersky noted the presence of malware from multiple groups in the attacks. One notable tool used in the EastWind campaign is a Trojan known as "GrewApacha", which has been associated with the APT31 group, a China-nexus actor. GrewApacha has been in use since at least 2021, and Kaspersky observed the threat actor behind EastWind using this malware to collect information about infected systems and to install additional malicious payloads. This indicates that EastWind is not only capable of sophisticated cyber espionage but also has access to advanced tools and techniques shared among APT groups.
Description last updated: 2024-10-17T11:56:32.666Z
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
APT31 is a possible alias for Eastwind. APT31, also known as Zirconium, is a threat actor identified as operating on behalf of China's Ministry of State Security in Wuhan. This group is recognized for its sophisticated techniques and tools, including the "GrewApacha" Trojan, which has been in use since at least 2021. APT31's primary missi
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Eastwind Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more