Nodaria

Threat Actor updated 5 months ago (2024-05-04T21:17:28.807Z)
Download STIX
Preview STIX
Nodaria (UAC-0056), a Russia-sponsored threat actor, has been active since at least March 2021, primarily targeting Ukraine but also known to have targeted entities in Kyrgyzstan and Georgia. Initially relatively unknown, Nodaria's activities escalated significantly following the Russian invasion of Ukraine, leading to its recognition as a key player in Russia's ongoing cyber campaigns against Ukraine. The group first gained significant attention in January 2022 when Ukraine’s Computer Emergency Response Team (CERT-UA) highlighted their use of SaintBot and OutSteel malware in spear-phishing attacks targeting government entities. From October 2022 into 2023, Nodaria deployed a new information-stealing malware, dubbed Graphiron, against targets in Ukraine. This sophisticated malware, attributed to Nodaria by Broadcom-owned Symantec, demonstrated advanced information gathering capabilities and multiple evasion techniques. CERT-UA noted that Nodaria had breached multiple Ukrainian government websites using backdoors placed as far back as December 2021. With the deployment of Graphiron, Nodaria joined another Russian state-sponsored group, Gamaredon, in extensively singling out Ukraine for cyberattacks. Their tactics include compromising websites, typosquatting, malicious redirecting through pseudo-short URL domains, AdSense fraud via Google AdSense, and using DDoS-Guard and WordPress. The high-level activity of Nodaria over the past year suggests an escalating trend in cyber espionage operations linked to geopolitical tensions.
Description last updated: 2024-05-04T21:16:06.385Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Ukraine
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The WhisperGate Malware is associated with Nodaria. WhisperGate is a destructive malware that has been employed by threat actors since 2020, with its first known deployment against Ukrainian organizations occurring in January 2022. These actors have used the malware to damage computer systems and render them inoperable, targeting not only Ukraine butUnspecified
2