Kamacite

Threat Actor Profile Updated 13 days ago
Download STIX
Preview STIX
Kamacite, a threat actor believed to be a unit of the Russian military intelligence service (GRU), has been observed targeting infrastructure across Europe, Ukraine, and the United States. This group is primarily focused on gaining initial access to networks using an implant known as Cyclops Blink. Once this initial access is established, Kamacite hands over control to another group called Electrum, which is typically tasked with executing destructive operations. A concerning pattern has emerged in Kamacite's activities; it appears to be working closely with Electrum, functioning as an "ICS effects team". In particular, these groups have been linked to repeated power grid outages in Ukraine, among other incidents. This suggests that Kamacite and Electrum are not just involved in initial breaches but also potentially in subsequent attacks that can cause significant disruption to critical infrastructure. The ongoing activities of Kamacite and Electrum highlight the persistent and evolving threat posed by state-sponsored cyber actors. Both groups are associated with Sandworm, another entity believed to be part of the Russian military intelligence service. The cybersecurity community must remain vigilant against these threats, developing robust defenses and response strategies to mitigate the potential damage caused by these sophisticated threat actors.
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
ELECTRUM
2
Electrum is a threat actor that has been associated with various cyber-attacks, including those against Ukraine on February 1, 2022. These attacks were Bitcoin-themed and involved the use of Electrum Bitcoin wallets, with similarities observed in later attacks carried out in April. The initial loade
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Kamacite Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CSO Online
a year ago
Attacks on industrial infrastructure on the rise, defenses struggle to keep up
BankInfoSecurity
2 months ago
Defending Operational Technology Environments: Basics Matter