Poseidon Group

Threat Actor Profile Updated 3 months ago
The Poseidon Group is a recognized threat actor known for complex, tailored cyber-attacks. Its primary mode of operation is to leverage a deep understanding of Windows network administration to exploit vulnerabilities within corporate environments. The group deploys a customized toolset built for lateral movement and credential harvesting, often targeting SQL servers and other products common in these settings. The IGT tool, one of its main tools, inventories the compromised system, collecting data on network interfaces and addresses, credentials for the Domain and the database server, services run from the OS, and any other information that could help tailor the attack to the victim.

Kaspersky Lab has confirmed the operating procedures described above and detects the group's malware under specific detection names. Several variants of the Poseidon Group's malware have been identified, reflecting the group's adaptability and the continuous evolution of its malicious tools. These practices underscore the group's sophistication and make it a significant threat to organizations without robust security measures in place.

One distinguishing feature of the Poseidon Group is its approach to command and control (C&C) servers: it builds in redundancies and quickly discards C&Cs after specific campaigns. This makes tracking and mitigating its activity difficult, and as of the latest reports it remains unclear whether the C&C servers used by the group are still active. That uncertainty further emphasizes the need for constant vigilance and proactive defense against such advanced threat actors.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions between vendors are hard to track, so the following are possible overlapping names and profiles that may also be worth reviewing.
Miscellaneous Associations
Other elements of context that may help assess relevance:
Kaspersky
Lateral Move...
Malware
Windows
Source Document References
Information about the Poseidon Group threat actor was read from the document corpus below. This display is limited to 20 results.
Source: MITRE (a year ago). Title: Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage