| ID | Votes | Profile Description |
|---|---|---|
| APT28 | 7 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
| STRONTIUM | 4 | Strontium, also known as APT28, Fancy Bear, Forest Blizzard, and several other aliases, is a Russia-linked threat actor that has been active since at least 2007. This group, believed to be associated with the Russian General Staff Main Intelligence Directorate (GRU), has targeted governments, milita |
| Pawn Storm | 3 | Pawn Storm, also known as APT28, Fancy Bear, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor that has been active since at least 2007. This group is notorious for targeting governments, militaries, and security organizations worldwide. In recent years, the methods employed by Pawn |
| Sednit | 2 | Sednit, also known as APT28, Fancy Bear, Strontium/Forest Blizzard, Pawn Storm, Sofacy, and BlueDelta, is a threat actor associated with Russia's military intelligence. Active since at least 2007, the group has targeted governments, militaries, and security organizations worldwide. ESET has shed lig |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Conti | Unspecified | 1 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| InvisiMole | Unspecified | 1 | InvisiMole is a sophisticated malware with modular architecture, designed to infiltrate and exploit computer systems undetected. It begins its operation using a wrapper DLL and performs activities through two other modules embedded in its resources. Notably, the malware is capable of scanning enable |
| NotPetya | Unspecified | 1 | NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Sofacy | Unspecified | 3 | Sofacy is a threat actor group that has been observed using multiple languages to create variants of the Zebrocy Trojan and Cannon. In one campaign, they relied heavily on filenames to lure victims into launching weaponized documents. The group packed only Delphi variants in an attempt to increase e |
| IRON TWILIGHT | Unspecified | 2 | IRON TWILIGHT is a threat actor believed to be associated with the GRU, Russia's military intelligence agency. This association has been suggested by various researchers, including those from CrowdStrike and CTU, based on the characteristics of the group's activities. The group became particularly a |
| Cozy Bear | Unspecified | 2 | Cozy Bear, also known as APT29, is a threat actor linked to the Russian government that has been implicated in numerous cyber-espionage activities. The group's activities have been traced back to at least 2015, when they were identified as infiltrating the Democratic National Committee (DNC) network |
| Cobalt Gang | Unspecified | 1 | The Cobalt Gang, also known as GOLD KINGSWOOD, is a highly capable, sophisticated, and financially driven criminal threat group that has been actively compromising financial organizations since at least 2016. The group is notorious for its advanced tactics and techniques, including the use of the Mo |
| MuddyWater | Unspecified | 1 | MuddyWater is an advanced persistent threat (APT) group, also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros. This threat actor has been linked to the Iranian Ministry of Intelligence and Security (MOIS) according to a joint advisory from cybersecurity firms. The group empl |
| Bluedelta | Unspecified | 1 | Bluedelta is a threat actor associated with the Russian state-sponsored hacking operation APT28 or Fancy Bear. In a recent spear-phishing campaign that began in November 2021, several government entities and a military aviation organization in Ukraine had their email servers targeted by Bluedelta. T |
| Frozenbarents | Unspecified | 1 | Frozenbarents, also known as Sandworm or Voodoo Bear, is a threat actor linked to Russia's GRU military intelligence agency. Noted for its versatility, the group has executed a variety of cyber-attacks against Ukraine and NATO countries, with a particular emphasis on critical infrastructure, utiliti |
| Sandworm | Unspecified | 1 | Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met |
| KillNet | Unspecified | 1 | Killnet is a pro-Russian threat actor group that has been linked to a series of disruptive cyberattacks, particularly targeting governments and organizations that have expressed support for Ukraine. The group's activities gained prominence after Russia was banned from the 2022 FIFA World Cup due to |
| APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| ACTINIUM | Unspecified | 1 | Actinium, also known as Primitive Bear or Shuckworm, is a notable threat actor in the realm of cyber espionage, primarily focusing on Ukraine. This group is one of several Russian government Advanced Persistent Threat (APT) hacking teams that have actively engaged in cyber operations against Ukraine |
| NOBELIUM | Unspecified | 1 | Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
No associations to display |
| Source | CreatedAt | Title |
|---|---|---|
| CERT-EU | a year ago | Ukrainian email servers subjected to Russian APT cyberespionage operation |
| Securityaffairs | a year ago | APT28 hacked Roundcube email servers of Ukrainian entities |
| CERT-EU | a year ago | Cyber Security Today, June 21, 2023 – More MOVEit victims, more ransomware news and 100,000 stolen ChatGPT credentials up for sale | IT World Canada News |
| CERT-EU | a year ago | Russian hackers breach Ukrainian government and military entities |
| Recorded Future | a year ago | BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future |
| CERT-EU | a year ago | Russia sent its reserve team to wipe Ukrainian hard drives |
| CERT-EU | a year ago | CISA bans remote management of network devices |
| CERT-EU | a year ago | How Hackers Outwit All Efforts to Stop Them: "It's a Cyber Pandemic." | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security |
| CSO Online | a year ago | Gigabyte firmware component can be abused as a backdoor |
| BankInfoSecurity | a year ago | Ukraine Identifies Central Asian Cyberespionage Campaign |
| MITRE | a year ago | Our Work with the DNC: Setting the record straight |
| MITRE | a year ago | How they did it (and will likely try again): GRU hackers vs. US elections |
| MITRE | a year ago | IRON TWILIGHT Supports Active Measures |
| MITRE | a year ago | Cobalt Group 2.0 |
| MITRE | a year ago | Sednit Espionage Group Attacking Air‑Gapped Networks | WeLiveSecurity |
| CERT-EU | a year ago | 烏克蘭 |
| CERT-EU | a year ago | ⛑️ Le gang Russe Killnet perturbe les opérations de sauvetage de l’OTAN en Turquie. Beaucoup de bruit pour rien ? |
| BankInfoSecurity | a year ago | Ukraine Tracks Increased Russian Focus on Cyberespionage |
| CSO Online | a year ago | Two Patch Tuesday flaws you should fix right now |
| CERT-EU | a year ago | Cyber security week in review: March 17, 2023 |