ELECTRUM

Threat Actor Profile Updated 24 days ago
Electrum is a threat actor that has been associated with various cyber-attacks, including those against Ukraine on February 1, 2022. These attacks were Bitcoin-themed and involved the use of Electrum Bitcoin wallets, with similarities observed in later attacks carried out in April. The initial loader Trojan used in these attacks was signed using a certificate that had "Electrum Technologies GmbH" within the organization field.

This group has been linked to multiple incidents, including repeated power grid outages in Ukraine. The geopolitical tension between Ukraine and Russia has seemingly prompted more mature threat groups like Electrum to increase their activities. This threat actor has also been linked to Kamacite, another threat group believed to focus on gaining initial access before handing off to Electrum, which functions as an "ICS effects team." The increasing activity from such groups amid international conflicts has led to heightened cyber espionage attacks against industrial organizations in the Asia-Pacific region and the United States. The collaboration between these groups further underscores the complexity and sophistication of their operations.

Electrum's capabilities extend beyond conventional attacks. They have leveraged new malware, such as the Atomic Stealer, to steal browser data and assets from cryptocurrency wallets, including Atomic, Exodus, Coinomi, and Electrum. Their targeted applications include cryptocurrency apps for major currencies, popular browsers, and email clients. In addition to banking sites, they have adapted to trends by searching for information regarding Bitcoin on infected machines, actively looking for strings such as 'bitcoin', 'Electrum', and 'binance'. This ability to target multiple cryptowallets and adapt to evolving technologies makes Electrum a significant threat in the cybersecurity landscape.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Kamacite | 2 | Kamacite, a threat actor believed to be a unit of the Russian military intelligence service (GRU), has been observed targeting infrastructure across Europe, Ukraine, and the United States. This group is primarily focused on gaining initial access to networks using an implant known as Cyclops Blink.
Miscellaneous Associations
Other elements of context that could aid in assessing relevance
Bitcoin
ICS
Dragos
Chrome
Firefox
Outlook
Malware
APT
Associated Malware
ID | Type | Votes | Profile Description
Amos | Unspecified | 2 | AMOS is a malicious software (malware) that has been specifically designed to target Mac systems, both Intel-based and ARM-based. It is capable of stealing passwords, personal files, and information from crypto wallets, posing a significant threat to user security. AMOS was first identified as part
Associated Threat Actors
ID | Type | Votes | Profile Description
Sandworm | Unspecified | 3 | Sandworm is a threat actor, often linked to Russia, known for its high-profile cyber attacks. The group gained notoriety for compromising 11 Ukrainian telecommunications providers and infiltrating Ukraine's telecom giant Kyivstar for months. In addition, Sandworm was responsible for disrupting power
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the ELECTRUM threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot
MITRE | a year ago | ELECTRUM Threat Group | Dragos
Secureworks | a year ago | The Growing Threat from Infostealers
CSO Online | a year ago | Attacks on industrial infrastructure on the rise, defenses struggle to keep up
Checkpoint | 5 months ago | Rhadamanthys v0.5.0 - a deep dive into the stealer's components - Check Point Research
Securityaffairs | 5 months ago | New Version of Meduza Stealer Released in Dark Web
CERT-EU | a year ago | Hackers are Selling a new Atomic macOS (AMOS) Stealer on Telegram
CERT-EU | a year ago | Hackers are again using Google Ads to distribute the FatalRAT malware
Securityaffairs | a year ago | Atomic macOS Stealer is advertised on Telegram for $K per month
CERT-EU | a year ago | Cyberattacks on Industrial Control Systems Jumped in 2022
CERT-EU | a year ago | New AMOS Mac malware targets passwords, personal files, crypto wallets
CERT-EU | a year ago | APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc.
CERT-EU | a year ago | Hacker Group Names Are Now Absurdly Out of Control | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU | a year ago | Cyber security week in review: April 28, 2023
CERT-EU | a year ago | A new stealer targets macOS machines
CERT-EU | a year ago | Warning: a formidable malware attacks password managers
CERT-EU | a year ago | Crypto wallets are targeted by a new "stealer" on Mac
CERT-EU | a year ago | Please don't just click on system notifications
Checkpoint | a year ago | Rhadamanthys: The "Everything Bagel" Infostealer - Check Point Research
CERT-EU | a year ago | Anomali Cyber Watch: APT37 Adopts LNK Files, Charming Kitten Uses BellaCiao Implant-Dropper, ViperSoftX Infostealer Unique Byte Remapping Encryption