Frozenlake

Threat Actor updated 5 months ago (2024-05-04T21:18:46.702Z)
Download STIX
Preview STIX
Frozenlake, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor believed to be sponsored by the Russian military. The group has been involved in numerous cyber-attacks, primarily targeting Ukraine's energy sector. Their modus operandi includes exploiting vulnerabilities such as the WinRAR flaw to deploy malware, often through sophisticated phishing operations. These campaigns have been observed throughout 2021, with notable global operations occurring in September and October. The group's activities were analyzed in detail by Mandiant, which identified Frozenlake's involvement in a global phishing operation conducted in late 2021. CERT-UA, Ukraine's computer emergency response team, also reported that Frozenlake exploited the WinRAR vulnerability to target energy infrastructure in September 2021. Furthermore, Frozenlake was linked to the distribution of IRONJAW malware, first observed in late July through early August, hosted on free hosting providers. Various cybersecurity entities have attributed attacks to Frozenlake. Microsoft referred to the group as Forest Blizzard (formerly Strontium), while others like Recorded Future identified their spear-phishing campaigns under the name BlueDelta. In addition to their primary focus on Ukraine, overlaps in victimology suggest some level of cooperation between Frozenlake and another Russian nation-state actor known as Sofacy. The group has also been associated with the exploitation of CVE-2023-38831, a vulnerability used in a campaign against Ukraine’s energy infrastructure.
Description last updated: 2024-05-04T20:27:56.950Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Vulnerability
Malware
Decoy
WinRAR
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The APT28 Threat Actor is associated with Frozenlake. APT28, also known as Fancy Bear, Forest Blizzard, and Unit 26165 of the Russian Main Intelligence Directorate, is a Russia-linked threat actor that has been active since at least 2007. This group has targeted governments, militaries, and security organizations worldwide with a particular focus on thhas used
5
The Sandworm Threat Actor is associated with Frozenlake. Sandworm, also known as APT44, is a Russia-linked threat actor that has been implicated in several major cyberattacks. This group has been particularly active against targets in Ukraine and Poland, with significant operations including the compromise of 11 Ukrainian telecommunications providers, whiUnspecified
2
The Forest Blizzard Threat Actor is associated with Frozenlake. Forest Blizzard, also known as APT28, Fancy Bear, and Strontium, is a threat actor linked to the Russian General Staff Main Intelligence Directorate (GRU) and the 85th Main Special Service Center (GTsSS). The group has been involved in persistent espionage campaigns against European countries, whichhas used
2
Source Document References
Information about the Frozenlake Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
CERT-EU
10 months ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
2 years ago
CERT-EU
a year ago
InfoSecurity-magazine
2 years ago
Securityaffairs
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago