Gossamer Bear

Threat Actor updated 3 months ago (2024-05-23T16:17:34.386Z)
Gossamer Bear, also known as Callisto, Blue Callisto, BlueCharlie (or TAG-53), Calisto, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is a significant threat actor that has been active since 2019. The group primarily focuses on credential harvesting and conducts hack-and-leak campaigns targeting Ukraine and North Atlantic Treaty Organization (NATO) countries. Gossamer Bear has used compromised WordPress sites to impede attribution of its C2 servers, a tactic shared with other threat actors such as APT29 and Gamaredon. The group targets a wide range of sectors, including international affairs, defense, and logistics support to Ukraine.

The report highlights that Gossamer Bear, along with other actors like Frozenlake/Fancy Bear, Frozenvista, and the Belarusian actor Puschcha (UNC1151), has focused on specific types of attacks. While some groups prefer phishing campaigns against Ukraine and NATO countries, Gossamer Bear opts for more disruptive hack-and-leak campaigns, particularly against Ukraine and the UK. The group is suspected of using pro-Russia media outlets to launder information acquired through collection operations, showcasing an alarming evolution in its tactics.

In conclusion, Gossamer Bear represents a substantial cybersecurity threat due to its evolving tactics, persistent focus on key geopolitical regions, and its ability to impede attribution attempts. Its use of pro-Russia media outlets to disseminate acquired information further exacerbates the threat it poses. As this group continues to target individuals and organizations involved in international affairs, defense, and logistics support to Ukraine, it's crucial to stay vigilant and continually adapt defensive strategies to counter its evolving tactics.
Description last updated: 2024-05-23T15:20:04.980Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| COLDRIVER | 2 | Coldriver, also known as Star Blizzard, (Blue) Callisto, Blue Charlie, and Seaborgium, is a notorious Russia-based cyber-espionage group believed to be linked to the Federal Security Service's (FSB) Centre 18. The group has been actively involved in numerous malicious activities, including disinform |
| Callisto | 2 | Callisto, also known as Gossamer Bear, COLDRIVER, UNC4057, Star Blizzard, Blue Charlie, and SEABORGIUM, is a threat actor linked to the Russian state. This group, which has been tracked by various entities including Microsoft, Google's Threat Analysis Group (TAG), and Insikt Group, is known for its |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukraine
Source Document References
Information about the Gossamer Bear Threat Actor was read from the documents corpus below.
| Source | Created | Title |
| --- | --- | --- |
| Flashpoint | 3 months ago | Evolving Tactics: How Russian APT Groups Are Shaping Cyber Threats in 2024 |
| CERT-EU | 8 months ago | Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware |
| InfoSecurity-magazine | 2 years ago | Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine |
| CERT-EU | 9 months ago | Microsoft Alert: COLDRIVER Credential Theft Rising Again |