| ID | Votes | Profile Description |
|---|---|---|
| APT29 | 8 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
| NOBELIUM | 6 | Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw |
| Cozy Bear | 5 | Cozy Bear, also known as APT29, is a threat actor linked to the Russian government that has been implicated in numerous cyber-espionage activities. The group's activities have been traced back to at least 2015, when they were identified as infiltrating the Democratic National Committee (DNC) network |
| The Dukes | 4 | The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, and several other aliases, is a highly active threat actor group widely believed to be associated with the Russian Foreign Intelligence Service (SVR). The group has been operational since at least 2008, targeting various governments, thin |
| Bluebravo | 3 | BlueBravo, also known as APT29 or Nobellium, is a threat actor group linked to Russia that has been implicated in several high-profile cyberattacks. Recently, TeamViewer discovered a breach in its corporate network, with some reports attributing the intrusion to this group. BlueBravo, along with oth |
| Cozybear | 2 | CozyBear, also known as APT29 and Midnight Blizzard, is a threat actor believed to be linked to the Russian state. This group has been actively engaged in cyber operations against Ukraine and its allies and has been involved in several major breaches, including attacks on Okta, Dropbox, Department o |
| Svr | 1 | SVR, also known as Russia's civilian foreign intelligence service, is the successor organization to the KGB’s First Chief Directorate. Known for its cyber capabilities, SVR has been involved in numerous incidents of cyber-espionage and intelligence gathering. The organization targets governmental ne |
| Cloaked Ursa | 1 | Cloaked Ursa, also known as APT29, Midnight Blizzard, Nobelium, and BlueBravo, is a threat actor linked to Russia's Foreign Intelligence Service (SVR). This group has been observed executing cyber-espionage attacks on diplomatic entities throughout Eastern Europe. It utilizes innovative tactics and |
| Darkhalo | 1 | DarkHalo, also known as APT29, Cozy Bear, and tracked by Microsoft as Midnight Blizzard (previously NOBELIUM), is a sophisticated threat actor suspected of executing actions with malicious intent. These actions typically involve cyber attacks and are often attributed to either individual hackers, pr |
| IRON HEMLOCK | 1 | Iron Hemlock, a threat actor also known as APT29, Cozy Bear, BlueBravo, Cloaked Ursa, The Dukes, and Midnight Blizzard, has been identified as a significant cybersecurity concern. This group, suspected to be associated with Russia and previously identified as Nobelium, is known for executing actions |
| Phosphorus | 1 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the |
| YTTRIUM | 1 | Yttrium, also known as APT29, CozyBear, UNC2452, NOBELIUM, and Midnight Blizzard, is a prominent threat actor in the cybersecurity landscape. This group has been attributed to several significant cyber-attacks, with its activities largely overlapping with those attributed to APT29 or CozyBear, accor |
| UNC2452 | 1 | UNC2452, also known as APT29, Cozy Bear, Nobelium, and Midnight Blizzard, is a highly skilled and disciplined threat actor group linked to Russia's SVR intelligence agency. The group gained notoriety for its role in the SolarWinds compromise in December 2020, an extensive cyberattack that involved a |
| Dark Halo | 1 | Dark Halo, a cyber threat actor identified by cybersecurity company Volexity, has been linked to several significant cyber attacks. This group initially gained notoriety for its exploitation of the SolarWinds Orion software in June and July 2020, which resulted in a major breach of the targeted orga |
| Star Blizzard | 1 | Star Blizzard, also known as Seaborgium or the Callisto Group, is a threat actor linked to Russia's intelligence service, the FSB. The group has been involved in sophisticated cyber-attacks worldwide, primarily using spear-phishing campaigns to steal account credentials and data. Microsoft, which tr |
| Forest Blizzard | 1 | Forest Blizzard, also known as APT28, Fancy Bear, and Strontium, is a threat actor linked to the Russian General Staff Main Intelligence Directorate (GRU) and the 85th Main Special Service Center (GTsSS). The group has been involved in persistent espionage campaigns against European countries, which |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Tomiris | Unspecified | 1 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
| Ursa | Unspecified | 1 | URSA is a harmful malware, typically delivered as an archive attachment to phishing emails. It operates as a backdoor into the infected system, enabling unauthorized access and exploitation. The malware has been particularly active in Latin America, where it's known as the Mispadu banking trojan. Si |
| Graphicalproton | Unspecified | 1 | GraphicalProton is a sophisticated malware developed by the threat group known as SVR, which has been exploiting cloud-based services such as Microsoft OneDrive and Dropbox for Command and Control (C2) infrastructure. The malware uses randomly generated BMPs to exchange data with the SVR operator an |
| Gootloader | Unspecified | 1 | GootLoader is a potent malware that forms part of the GootKit malware family, which has been active since 2014. The malware operates by exploiting systems through suspicious downloads, emails, or websites, often without the user's knowledge. Its primary targets are professionals working in law firms |
| Monti | Unspecified | 1 | The Monti group, a malicious cyber entity, has been active since June 2022, shortly after the Conti ransomware gang shut down its operations. The group is known for its malware, Monti, which is a particularly harmful program designed to exploit and damage computer systems. It infiltrates systems thr |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| APT28 | Unspecified | 2 | APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the |
| Volt Typhoon | Unspecified | 1 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-38831 | is related to | 1 | CVE-2023-38831 is a critical vulnerability identified in the WinRAR software, with a CVSS score of 7.8, indicating high severity. This flaw in software design or implementation has been exploited to disseminate the LONEPAGE malware through ZIP files using an exploit known as UAC-0099. The vulnerabil |
| CVE-2024-23917 | Unspecified | 1 | None |
| CVE-2023-42793 | Unspecified | 1 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre |
| CVE-2024-0769 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | 20 days ago | Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Russia-linked group APT29 likely breached TeamViewer |
| Securityaffairs | a month ago | Russia's Midnight Blizzard stole email of more Microsoft customers |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| DARKReading | a month ago | Network Segmentation Saved TeamViewer From APT29 Attack |
| InfoSecurity-magazine | a month ago | TeamViewer Cyber-Attack Attributed to Russian APT Midnight Blizzard |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Russia-linked APT Nobelium targets French diplomatic entities |
| DARKReading | a month ago | Russia's Midnight Blizzard Seeks to Snow French Diplomats |
| InfoSecurity-magazine | a month ago | French Diplomatic Entities Targeted by Russian-Aligned Nobelium |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| BankInfoSecurity | a month ago | Microsoft President Admits to Major Security Failures |
| BankInfoSecurity | 2 months ago | Check Point Alert: Attackers Targeting Poorly Secured VPNs |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| DARKReading | 3 months ago | Microsoft Will Hold Execs Accountable for Cybersecurity |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |