IRON VIKING

Threat Actor updated a year ago (2024-11-29T14:21:03.521Z)
Download STIX
Preview STIX
Iron Viking, a threat actor group also known as Sandworm, Telebots, Voodoo Bear, and other names, has been active since 2000. This group operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). Iron Viking is notorious for its destructive cyber-espionage campaigns, using tools such as NotPetya for their disruptive capabilities. The group was first uncovered by Ukraine's security agency, the SBU, which attributed a recent attack to Iron Viking. The group's activities have evolved over time, with different facets of its operations being observed by various cybersecurity companies, leading to the multitude of names associated with it. For instance, the group has been linked to BlackEnergy, UAC-0082, and others, each name reflecting a different aspect of the group's activities. Despite the varying nomenclature, the constant factor remains the group's malicious intent and its affiliation with the Russian GRU. The group's actions pose significant threats to global cybersecurity, demonstrating advanced capabilities and a clear willingness to deploy destructive attacks. Understanding the operations of Iron Viking and similar groups is crucial for developing effective cybersecurity strategies and defenses.
Description last updated: 2024-04-18T15:16:38.434Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Sandworm is a possible alias for IRON VIKING. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c
3
Telebots is a possible alias for IRON VIKING. TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize
2
Voodoo Bear is a possible alias for IRON VIKING. VOODOO BEAR, also known as Sandworm, Seashell Blizzard, and other names such as Iridium, Iron Viking, Telebots, and APT44, is a highly advanced threat actor with a suspected nexus to the Russian Federation. First identified in January 2018, this group has been active since 2000 and operates under th
2
Seashell Blizzard is a possible alias for IRON VIKING. Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the IRON VIKING Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
InfoSecurity-magazine
10 days ago
Securityaffairs
19 days ago
Securityaffairs
2 years ago
Securityaffairs
2 years ago
Securityaffairs
2 years ago
InfoSecurity-magazine
2 years ago
Securityaffairs
2 years ago
Securityaffairs
2 years ago
Secureworks
3 years ago
Securityaffairs
3 years ago
CERT-EU
3 years ago
Securityaffairs
3 years ago