Kamacite

Kamacite, a threat actor believed to be a unit of the Russian military intelligence service (GRU), has been observed targeting infrastructure across Europe, Ukraine, and the United States. This group is primarily focused on gaining initial access to networks using an implant known as Cyclops Blink. Once this initial access is established, Kamacite hands over control to another group called Electrum, which is typically tasked with executing destructive operations. A concerning pattern has emerged in Kamacite's activities; it appears to be working closely with Electrum, functioning as an "ICS effects team". In particular, these groups have been linked to repeated power grid outages in Ukraine, among other incidents. This suggests that Kamacite and Electrum are not just involved in initial breaches but also potentially in subsequent attacks that can cause significant disruption to critical infrastructure. The ongoing activities of Kamacite and Electrum highlight the persistent and evolving threat posed by state-sponsored cyber actors. Both groups are associated with Sandworm, another entity believed to be part of the Russian military intelligence service. The cybersecurity community must remain vigilant against these threats, developing robust defenses and response strategies to mitigate the potential damage caused by these sophisticated threat actors.