ID | Votes | Profile Description |
---|---|---|
COLDRIVER | 2 | Coldriver, also known as Callisto Group and Star Blizzard, is a threat actor believed to originate from Russia. This entity is recognized for its malicious activities including disinformation campaigns, spear-phishing attacks, and the use of custom malware. The group has been associated with the Rus |
Callisto | 2 | Callisto, also known as Gossamer Bear, COLDRIVER, UNC4057, Star Blizzard, Blue Charlie, and SEABORGIUM, is a threat actor linked to the Russian state. This group, which has been tracked by various entities including Microsoft, Google's Threat Analysis Group (TAG), and Insikt Group, is known for its |
Calisto | 1 | Calisto, also known as BlueCharlie, Blue Callisto, TAG-53, COLDRIVER, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is a threat actor that has been active since 2019. This group targets a wide range of sectors and is particularly focused on individuals and organizations involved in intern |
Blue Callisto | 1 | Blue Callisto, also known as COLDRIVER, BlueCharlie (or TAG-53), Calisto, Gossamer Bear, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is a malicious software program that has been active since 2019. This malware is designed to infiltrate computer systems and devices, often undetected, vi |
TA446 | 1 | TA446, also known as the Callisto APT group, Seaborgium, Star Blizzard, ColdRiver, TAG-53, and BlueCharlie, is a threat actor that has been active since at least 2015. This cyberespionage entity has persistently targeted individuals and organizations involved in international affairs, defense, and l |
Bluecharlie | 1 | BlueCharlie, also known as TAG-53, Blue Callisto, Callisto (or Calisto), COLDRIVER, Star Blizzard (formerly SEABORGIUM), and TA446, is a threat actor that has been linked to Russia and has reportedly been active since 2019. The group has been involved in various malicious activities including cybere |
Star Blizzard | 1 | Star Blizzard, also known as Seaborgium or the Callisto Group, is a threat actor linked to Russia's intelligence service, the FSB. The group has been involved in sophisticated cyber-attacks worldwide, primarily using spear-phishing campaigns to steal account credentials and data. Microsoft, which tr |
Unc4057 | 1 | UNC4057, also known as ColdRiver, Star Blizzard, Blue Charlie, and Callisto, is a Russian-backed advanced persistent threat (APT) group that has been active since 2019. This group, sponsored by the Federal Security Service (FSB), has been involved in various malicious activities on behalf of the Rus |
ID | Type | Votes | Profile Description |
---|---|---|---|
Spica | Unspecified | 1 | Spica is a custom malware developed and utilized by the threat group known as Coldriver. The backdoor software, Spica, was first identified by Google's Threat Analysis Group (TAG), which has been tracking its use since as early as September of the previous year. The malware appears to be used in hig |
RomCom | Unspecified | 1 | RomCom is a type of malware, specifically a Remote Access Trojan (RAT), that has been linked to several cyber-attacks across Europe and North America. It was first identified in spring 2022, when third-party and open-source reports highlighted a potential connection between Cuba ransomware actors, R |
Smokeloader | Unspecified | 1 | SmokeLoader is a malicious software (malware) that has been extensively used by threat actors, particularly those associated with the Phobos ransomware. It functions as a backdoor trojan, often arriving on victims' systems via spoofed email attachments embedded with hidden payloads. Once downloaded, |
Rhadamanthys | Unspecified | 1 | Rhadamanthys is a malicious software (malware) that has been leveraged by the threat actor group TA547 to target German organizations. The malware, which infiltrates systems through suspicious downloads, emails, or websites, can steal personal information, disrupt operations, or hold data for ransom |
Rootsaw | Unspecified | 1 | Rootsaw, also known as EnvyScout, is a first-stage payload malware extensively used by state-sponsored group APT29 for their initial access efforts in collecting foreign political intelligence. The malware is typically deployed via phishing emails with HTML file attachments or .HTA files, which exec |
ID | Type | Votes | Profile Description |
---|---|---|---|
APT28 | Unspecified | 1 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
APT29 | Unspecified | 1 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
Apt44 | Unspecified | 1 | APT44, previously known as Sandworm, is a Russian military intelligence hacking team newly designated by Mandiant. The group has been active in conducting campaigns leveraging Sandworm malware since the start of 2023, primarily targeting Ukraine, Eastern Europe, and investigative journalists. APT44' |
Gamaredon | Unspecified | 1 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E |
Turla | Unspecified | 1 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
Winter Vivern | Unspecified | 1 | Winter Vivern is a threat actor group that has recently been active in the cybersecurity landscape. This group, which is believed to align with the interests of Belarus, has been involved in a series of malicious activities targeting different entities. They have notably exploited a zero-day vulnera |
Frozenvista | Unspecified | 1 | None |
ID | Type | Votes | Profile Description |
---|---|---|---|
Frozenlake/fancy | Unspecified | 1 | None |
Source | CreatedAt | Title |
---|---|---|
Flashpoint | 2 months ago | Evolving Tactics: How Russian APT Groups Are Shaping Cyber Threats in 2024 |
CERT-EU | 6 months ago | Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware |
InfoSecurity-magazine | a year ago | Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine |
CERT-EU | 7 months ago | Microsoft Alert: COLDRIVER Credential Theft Rising Again |