IRON VIKING

Threat Actor updated 4 months ago (2024-05-04T18:41:32.820Z)
Iron Viking, a threat actor group also known as Sandworm, Telebots, Voodoo Bear, and other names, has been active since 2000. This group operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). Iron Viking is notorious for destructive cyber-espionage campaigns and for its use of disruptive tools such as NotPetya. The group was first uncovered by Ukraine's security agency, the SBU, which attributed a recent attack to Iron Viking. The group's activities have evolved over time, and different cybersecurity companies have observed different facets of its operations, which has led to the multitude of names associated with it. For instance, the group has been linked to BlackEnergy, UAC-0082, and others, each name reflecting a different aspect of the group's activities. Despite the varying nomenclature, the constants are the group's malicious intent and its affiliation with the Russian GRU. The group's actions pose significant threats to global cybersecurity, demonstrating advanced capabilities and a clear willingness to deploy destructive attacks. Understanding the operations of Iron Viking and similar groups is crucial for developing effective cybersecurity strategies and defenses.
Description last updated: 2024-04-18T15:16:38.434Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Sandworm | 3 | Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio |
| Telebots | 2 | TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize |
| Voodoo Bear | 2 | VOODOO BEAR, also known as Sandworm, Seashell Blizzard, and other names such as Iridium, Iron Viking, Telebots, and APT44, is a highly advanced threat actor with a suspected nexus to the Russian Federation. First identified in January 2018, this group has been active since 2000 and operates under th |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the IRON VIKING Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 5 months ago | Previously unknown Kapeka backdoor linked to Sandworm APT |
| Securityaffairs | 8 months ago | Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months |
| Securityaffairs | 10 months ago | Russian Sandworm disrupts power in Ukraine with a new OT attack |
| InfoSecurity-magazine | 10 months ago | Russian APT Sandworm Disrupted Power in Ukraine Using OT Techniques |
| Securityaffairs | a year ago | Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers |
| Securityaffairs | a year ago | Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware |
| Secureworks | 2 years ago | BRONZE STARLIGHT Ransomware Operations Use HUI Loader |
| Securityaffairs | a year ago | Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal |
| CERT-EU | a year ago | Hacker Group Names Are Now Absurdly Out of Control \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker – National Cyber Security Consulting |
| Securityaffairs | a year ago | Sandworm APT uses WinRAR in destructive attacks on Ukraine |