Sandworm

Threat Actor updated 10 days ago (2024-08-28T17:17:59.059Z)
Sandworm is a Russia-linked threat actor, attributed by Western governments to Unit 74455 of the GRU, with a long record of disruptive attacks on Ukrainian infrastructure. In 2023 the group compromised 11 Ukrainian telecommunications providers, and in an earlier incident (October 2022, as reported by Mandiant) it is believed to have used a compromised MicroSCADA server to issue commands to a substation's remote terminal units, triggering a power outage that coincided with a Russian missile barrage. That is the group's signature: a compromised engineering host turned into a tool for physical effect.

Investigation of the December 2023 attack on Kyivstar, Ukraine's largest mobile operator, found that Sandworm had been inside the network for months before the destructive phase. That long dwell time, followed by deliberate destruction, is the pattern behind the group's advanced persistent threat (APT) label. Its toolset keeps growing: Kapeka, a previously undocumented backdoor, has been linked to the group, and NikoWiper, a wiper built around SDelete (Microsoft's Sysinternals command-line tool for secure file deletion), was added to erase data and hamper recovery after an intrusion. Because NikoWiper reuses a legitimate, Microsoft-signed administration utility, the execution of SDelete, or of any binary whose PE original-filename metadata identifies it as SDelete, outside known maintenance workflows is a reasonable hunting lead. Organizations in the group's target set should assume long dwell times, watch engineering and telecom management hosts closely, and keep offline, tested backups.
Description last updated: 2024-08-28T17:16:00.605Z
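A hunting check that follows from the NikoWiper note above: because the wiper is built on SDelete, look for SDelete executions whose shape does not match routine administration. The script below is an added example written for this page, not code from the page or from any vendor report. The process-creation events are constructed for illustration (field names follow Sysmon Event ID 1, the values are invented), and the list of non-interactive parent processes and the scoring thresholds are this example's own assumptions. The switches it keys on (-s recurse, -p passes, -z/-c free-space cleaning) are SDelete's documented ones.

```python
"""Hunt for SDelete-style wiper activity in process-creation events (added example)."""
import re

# Constructed sample events; field names mirror Sysmon Event ID 1, values are invented.
SAMPLE_EVENTS = [
    {   # routine admin use: one file, interactive parent
        "Image": r"C:\Tools\sdelete64.exe",
        "OriginalFileName": "sdelete.exe",
        "CommandLine": r'sdelete64.exe -accepteula -nobanner "C:\Temp\old.log"',
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {   # renamed SDelete, recursive multi-pass wipe of a whole drive, service parent
        "Image": r"C:\Windows\Temp\svchost_.exe",
        "OriginalFileName": "sdelete.exe",
        "CommandLine": r"svchost_.exe -accepteula -nobanner -s -r -p 3 C:\*",
        "ParentImage": r"C:\Windows\System32\svchost.exe",
    },
    {   # free-space zeroing on the system drive, launched through WMI
        "Image": r"C:\ProgramData\sdelete.exe",
        "OriginalFileName": "sdelete.exe",
        "CommandLine": r"sdelete.exe -z C:",
        "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
    },
    {   # unrelated process, must not be reported
        "Image": r"C:\Windows\System32\notepad.exe",
        "OriginalFileName": "NOTEPAD.EXE",
        "CommandLine": r"notepad.exe C:\notes.txt",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
]

SDELETE_NAMES = {"sdelete.exe", "sdelete64.exe", "sdelete64a.exe"}
# Parents implying remote or scheduled execution rather than an admin at a console (assumed list).
NONINTERACTIVE_PARENTS = {"svchost.exe", "services.exe", "wmiprvse.exe", "psexesvc.exe", "taskeng.exe"}
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\?$")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def tokenize(cmdline):
    """Split a Windows command line, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def is_sdelete(event):
    # OriginalFileName comes from the PE version resource, so it survives renaming on disk.
    return (basename(event["Image"]) in SDELETE_NAMES
            or event.get("OriginalFileName", "").lower() in SDELETE_NAMES)


def broad_target(token):
    """True for a drive root (C:, C:\\) or any wildcard target."""
    return token.endswith("*") or bool(DRIVE_ROOT.match(token))


def analyze(event):
    """Return a finding dict for SDelete executions, or None for anything else."""
    if not is_sdelete(event):
        return None
    args = tokenize(event["CommandLine"])[1:]
    lowered = [a.lower() for a in args]
    flags = {a for a in lowered if a.startswith("-")}
    targets = [a for a in args if not a.startswith("-") and not a.isdigit()]
    passes = 1
    if "-p" in lowered:
        i = lowered.index("-p")
        if i + 1 < len(args) and args[i + 1].isdigit():
            passes = int(args[i + 1])

    reasons = []
    if basename(event["Image"]) not in SDELETE_NAMES:
        reasons.append("renamed SDelete binary (matched on OriginalFileName)")
    if "-s" in flags and any(broad_target(t) for t in targets):
        reasons.append("recursive (-s) deletion against a drive root or wildcard")
    if flags & {"-z", "-c"}:
        reasons.append("free-space cleaning (-z/-c), defeats file recovery")
    if passes > 1:
        reasons.append(f"{passes} overwrite passes (-p)")
    if basename(event["ParentImage"]) in NONINTERACTIVE_PARENTS:
        reasons.append(f"non-interactive parent {basename(event['ParentImage'])}")

    severity = "high" if len(reasons) >= 3 else "medium" if reasons else "low"
    return {"image": event["Image"], "severity": severity, "reasons": reasons}


def hunt(events):
    """Run analyze() over a list of events and keep only SDelete findings."""
    return [f for f in map(analyze, events) if f is not None]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding["severity"].upper(), finding["image"], "; ".join(finding["reasons"]))
```

Even a "low" finding is worth a ticket in an environment that does not use SDelete routinely; the severity only orders the queue. Matching on OriginalFileName is the important part, since the image name is the first thing an operator changes.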
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at. Note that the list mixes genuine aliases of Sandworm (TeleBots, Voodoo Bear, Seashell Blizzard, Iron Viking, APT44) with distinct groups and malware families that are merely co-mentioned in reporting (APT28, Turla, Volt Typhoon, Industroyer); the vote count records how many contributors flagged the overlap.
Name (votes): profile description

APT28 (7 votes): APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor linked to Russia's GRU (Unit 26165, a different unit from Sandworm's 74455) that has been active since at least 2007. The group has targeted governments, militaries, and security organizations worldwide, including the German Social Democratic Party

Industroyer (6 votes): Industroyer, also known as CrashOverride, is malware built specifically to attack Industrial Control Systems (ICS) in electrical substations; it speaks the grid protocols (IEC 60870-5-101/104, IEC 61850, OPC DA) directly rather than relying on an operator workstation. It first gained notoriety for its role in the December 2016 attack on Ukraine's power grid, which caused an outage of roughly an hour in part of Kyiv. The ma

GreyEnergy (5 votes): GreyEnergy is a modular malware framework that ESET documented in 2018 as the successor to BlackEnergy, observed against energy-sector organizations in Ukraine and Poland and attributed to the Russia-linked Sandworm group. Security firm WithSecure has identified overlaps

BlackEnergy (5 votes): BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine, where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a

Telebots (5 votes): TeleBots, a threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize

Frozenbarents (4 votes): Frozenbarents, also known as Sandworm or Voodoo Bear, is a threat actor linked to Russia's GRU military intelligence agency. Noted for its versatility, the group has executed a variety of cyber-attacks against Ukraine and NATO countries, with a particular emphasis on critical infrastructure, utiliti

Prestige (4 votes): Prestige is ransomware that has been linked to several disruptive cyberattacks. In October 2022 it was used against Ukrainian and Polish logistics companies; these attacks were attributed to Sandworm, an advanced persistent threat (APT) group belie

Apt44 (4 votes): APT44 is the designation Mandiant assigned in April 2024 to the cluster previously tracked as Sandworm, when it graduated the group to a named APT attributed to Russian military intelligence. The cited reporting covers campaigns from the start of 2023 onward, primarily targeting Ukraine, Eastern Europe, and investigative journalists. APT44'

Voodoo Bear (4 votes): VOODOO BEAR, also known as Sandworm, Seashell Blizzard, and other names such as Iridium, Iron Viking, Telebots, and APT44, is a highly advanced threat actor with a suspected nexus to the Russian Federation. First identified in January 2018, this group has been active since 2000 and operates under th

Turla (4 votes): Turla is a threat actor linked to Russia's FSB (a different service from Sandworm's GRU), known for its sophisticated cyber-espionage activities. It has been associated with numerous high-profile attacks, employing innovative techniques and malware to infiltrate targets and execute actions with malicious intent. According to MITRE ATT&CK and MIT

Cyberarmyofrussia_reborn (3 votes): CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's military intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen

Seashell Blizzard (3 votes): Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the

Infamous Chisel (3 votes): Infamous Chisel is Android malware that the Five Eyes agencies publicly attributed to Sandworm in August 2023. It was used against Android devices belonging to the Ukrainian military to scan local networks, collect files and device information, and exfiltrate them over the Tor network.

IRON VIKING (3 votes): Iron Viking, a threat actor group also known as Sandworm, Telebots, Voodoo Bear, and other names, has been active since 2000. This group operates under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Iron Viking is notorious for its destructive cyber-espi

Solntsepek (3 votes): Solntsepek is a self-styled hacktivist persona (principally a Telegram channel) rather than malware; it claimed responsibility for the December 2023 attack on Kyivstar. Microsoft lists it as one of three hacktivist groups that regularly interact with Seashell Blizzard, the GRU-affiliated actor, alongside InfoCentr and th

Unc3810 (2 votes): UNC3810 is an uncategorized threat cluster tracked by Mandiant, notable for its deployment of the CaddyWiper wiper in October 2022. The threat actor, init

Hades (2 votes): Hades is a notable threat actor, known for its distinctive tactics and infrastructure in executing cyber attacks. The cybersecurity industry first observed Hades' operations in June 2021, with its activities marked by the use of advanced tools such as Advanced Port Scanner, MegaSync, Rclone, and Mal

Seashell Blizzard Iridium (2 votes): Seashell Blizzard Iridium, also known as Sandworm, is a threat actor reportedly comprised of Russian military intelligence officers. This group has been identified as distinct from other Advanced Persistent Threat (APT) groups associated with the Russian military intelligence GRU, such as Forest Bli

Volt Typhoon (2 votes): Volt Typhoon, a China-sponsored threat actor group identified as one of the most dangerous and persistent nation-state actors by security researchers and the U.S. government, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. The group is known fo

Uac-0165 (2 votes): UAC-0165 is CERT-UA's designation for an activity cluster assessed to be linked to Sandworm, not a malware family. It is the cluster behind a 2023 series of cyberattacks on Ukrainian telecommunications ser
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apt
Wiper
Ransomware
Ukraine
State Sponso...
Espionage
Ics
Exploit
Russia
Vulnerability
russian
Kyivstar
Ukrainian
Android
Google
Microsoft
Windows
Spearphishing
Telegram
Linux
Eset
LOTL
Decoy
roundcube
WinRAR
Phishing
Mandiant
Backdoor
Botnet
Encryption
Implant
Blizzard
Exim
Payload
Infostealer
Zimbra
Associated Malware
Name (relationship; votes): profile description

CaddyWiper (has used; 8 votes): CaddyWiper is a destructive wiper first observed in Ukraine in March 2022, one of a series of wipers deployed against Ukrainian targets from January 2022 onward, alongside WhisperGate, HermeticWip

NotPetya (Unspecified; 4 votes): NotPetya is the destructive pseudo-ransomware of June 2017, attributed by the US, UK and allied governments to Sandworm (GRU Unit 74455), not to APT28, with which it is sometimes conflated. It was primarily an act of cyberwar against Ukraine, delivered through a trojanized update to the M.E.Doc accounting software, a supply chain at

Kapeka (is related to; 4 votes): Kapeka is a previously undocumented Windows backdoor that WithSecure linked to Sandworm in 2024 on the basis of overlaps with GreyEnergy and its use against targets in Eastern Europe. It is a flexible early-stage implant that gives the operator command execution, information collection and delivery of further payloads.

Industroyer2 (Unspecified; 4 votes): Industroyer2 is a sophisticated piece of malware designed to target Industrial Control Systems (ICS), developed and deployed by the Russian state-sponsored advanced persistent threat group Sandworm. The group has been active since 2007 and used Industroyer2 in a significant attack against Ukraine's

KONNI (Unspecified; 3 votes): Konni is a remote access trojan generally attributed to North Korea-linked operators, not to Sandworm; its presence here reflects co-mention in the source reporting rather than shared tooling. It is typically delivered through malicious documents and, once running, collects data from the host and executes operator commands.

Nikowiper (Unspecified; 3 votes): NikoWiper is a data wiper attributed to Sandworm, a state-backed hacker group linked to Russia's Main Directorate of the General Staff of the Armed Forces (GRU). Built on Microsoft's SDelete utility, it differs in design from the group's other wipers and was used in an attack on

Swiftslicer (Unspecified; 3 votes): SwiftSlicer is a wiper written in Go that security researchers detected on January 25th, 2023. It was designed to overwrite crucial files used by the Windows operating system, causing significant disruption and damage to infected systems. The malware

KillDisk (Unspecified; 2 votes): KillDisk is a wiper that overwrites targeted files rather than encrypting them; it first appeared as the destructive component of the December 2015 BlackEnergy attacks on Ukrainian power distributors. A later variant, used by TeleBots in December 2016, erased critical system and workstation files to disrupt recovery in the final stages of their

Olympic Destroyer (Unspecified; 2 votes): Olympic Destroyer is the malware that disrupted IT systems during the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea. It was deployed by Sandworm; attribution to that group (rather than to APT28, with which it is sometimes conflated) was made formal in the 2020 US indictment of GRU Unit 74455 officers.

Brute Ratel (Unspecified; 2 votes): Brute Ratel C4 is a commercial adversary-simulation and command-and-control framework rather than malware in its own right; cracked and licensed copies have been abused by threat actors, which is why it appears in threat reporting. Once deployed it gives an operator a full post-exploitation implant on the compromised host.

Roarbat (Unspecified; 2 votes): RoarBat is malware employed by the Sandworm hacking group in operations against Windows devices. It is a BAT script that carries out the destructive activity, and evidence suggests it shares similarities with a cyber attack on Ukrinform, the Ukrainian na

Cyclops Blink (Unspecified; 2 votes): Cyclops Blink is modular malware that emerged in 2019, designed to target network infrastructure. It was dubbed the "Son of VPNFilter" due to its similarities with that campaign. Specifically crafted to run on Linux systems, particularly those with 32-bit PowerPC architecture, Cycl

Prestige Ransomware (Unspecified; 2 votes): Prestige is ransomware that Microsoft had not observed before its deployment in October 2022 against transportation and logistics organizations in Ukraine and Poland; Microsoft attributed it to IRIDIUM (Seashell Blizzard). Its deployment pattern resembled a disruptive wiper campaign more than a criminal extortion operation.

Acidrain (Unspecified; 2 votes): AcidRain is a wiper first described in March 2022, following the 24 February 2022 cyberattack that disrupted approximately 10,000 satellite modems associated with communications provider Viasat's KA-SAT network. The malware was analysed and named by cybersecurity firm SentinelOne

Acidpour (Unspecified; 2 votes): AcidPour is a variant of AcidRain identified by SentinelOne in March 2024, compiled for Linux x86 rather than MIPS and extended to wipe the embedded storage (including UBI and device-mapper volumes) found in networking and IoT equipment. It is a wiper, not an infostealer or ransomware.
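The alias table above and the malware table here can be turned into something machine-readable. The following is an added example, not the page's own STIX export and not from any vendor feed: it builds a STIX 2.1 bundle with one intrusion-set carrying the names this page itself presents as Sandworm aliases, one malware or tool object per family, and relationships typed from the page's own labels, so that "Unspecified" becomes related-to rather than being silently upgraded to uses. APT28, Turla and Volt Typhoon are deliberately not added as aliases, because the overlap table lists distinct groups beside true aliases. The uuid5 namespace and the reuse of the page's "Description last updated" timestamp are this example's own choices.

```python
"""Build and validate a STIX 2.1 bundle for the Sandworm cluster (added example)."""
import json
import re
import uuid

# Choices made for this example: a fixed namespace so ids are reproducible, and the
# page's "Description last updated" stamp as the created/modified timestamp.
ID_NAMESPACE = uuid.NAMESPACE_URL
DEFAULT_TS = "2024-08-28T17:16:00.605Z"

# Names this page itself presents as the same cluster ("also known as Sandworm").
SANDWORM_ALIASES = ["Sandworm Team", "APT44", "Seashell Blizzard", "Iridium",
                    "Voodoo Bear", "Iron Viking", "TeleBots", "Frozenbarents"]

# (name, page label) pairs taken from the Associated Malware table.
MALWARE = [("CaddyWiper", "has used"), ("Kapeka", "is related to"),
           ("NotPetya", "Unspecified"), ("Industroyer2", "Unspecified"),
           ("NikoWiper", "Unspecified"), ("SwiftSlicer", "Unspecified"),
           ("KillDisk", "Unspecified"), ("Olympic Destroyer", "Unspecified"),
           ("Cyclops Blink", "Unspecified"), ("Prestige", "Unspecified"),
           ("AcidRain", "Unspecified"), ("AcidPour", "Unspecified")]
# Brute Ratel is a commercial C2 framework, so it is modelled as a STIX tool, not malware.
TOOLS = [("Brute Ratel", "Unspecified")]

# Map the page's labels onto STIX relationship types without overstating them.
PAGE_TO_STIX_REL = {"has used": "uses", "is related to": "related-to", "Unspecified": "related-to"}

ID_RE = re.compile(r"^([a-z0-9-]+)--([0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12})$")


def stix_id(obj_type, key):
    """Deterministic STIX identifier: <type>--<uuid5(namespace, 'type:key')>."""
    return f"{obj_type}--{uuid.uuid5(ID_NAMESPACE, f'{obj_type}:{key.lower()}')}"


def sdo(obj_type, name, ts, **extra):
    """Common STIX Domain Object skeleton with the required 2.1 properties."""
    obj = {"type": obj_type, "spec_version": "2.1", "id": stix_id(obj_type, name),
           "created": ts, "modified": ts, "name": name}
    obj.update(extra)
    return obj


def relationship(source_ref, rel_type, target_ref, ts):
    return {"type": "relationship", "spec_version": "2.1",
            "id": stix_id("relationship", f"{source_ref}|{rel_type}|{target_ref}"),
            "created": ts, "modified": ts, "relationship_type": rel_type,
            "source_ref": source_ref, "target_ref": target_ref}


def build_bundle(ts=DEFAULT_TS):
    actor = sdo("intrusion-set", "Sandworm", ts, aliases=SANDWORM_ALIASES)
    objects = [actor]
    for name, label in MALWARE:
        m = sdo("malware", name, ts, is_family=True)  # is_family is mandatory in 2.1
        objects += [m, relationship(actor["id"], PAGE_TO_STIX_REL[label], m["id"], ts)]
    for name, label in TOOLS:
        t = sdo("tool", name, ts)
        objects += [t, relationship(actor["id"], PAGE_TO_STIX_REL[label], t["id"], ts)]
    # A STIX 2.1 bundle carries only type, id and objects (no spec_version).
    return {"type": "bundle", "id": stix_id("bundle", f"sandworm:{ts}"), "objects": objects}


def validate_bundle(bundle):
    """Return a list of problems; an empty list means the bundle passed these checks."""
    errors, ids = [], set()
    for obj in bundle.get("objects", []):
        m = ID_RE.match(obj.get("id", ""))
        if not m or m.group(1) != obj.get("type"):
            errors.append(f"bad id for {obj.get('type')}: {obj.get('id')}")
            continue
        ids.add(obj["id"])
        if obj.get("spec_version") != "2.1":
            errors.append(f"{obj['id']}: spec_version must be 2.1")
        if obj["type"] == "malware" and "is_family" not in obj:
            errors.append(f"{obj['id']}: malware requires is_family")
    for obj in bundle.get("objects", []):
        if obj.get("type") == "relationship":
            for ref in ("source_ref", "target_ref"):
                if obj.get(ref) not in ids:
                    errors.append(f"{obj['id']}: dangling {ref} {obj.get(ref)}")
    return errors


if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print("validation:", validate_bundle(bundle) or "ok")
```

Keeping the relationship type honest matters when this feeds a TIP or a detection-engineering backlog: a "uses" edge is what analysts will pivot on, so it should only exist where the page (or your own evidence) actually supports it.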
Associated Threat Actors
Name (relationship; votes): profile description

Sandworm Apt (Unspecified; 4 votes): Sandworm APT, a threat actor linked to Russia, has been identified as the malicious entity behind several significant cyber-attacks. The group is known for its sophisticated operations and evolving tactics, often targeting critical infrastructure and government entities. In one of its most disruptiv

Gamaredon (Unspecified; 3 votes): Gamaredon, a Russian Advanced Persistent Threat (APT) group attributed by Ukraine's SSU to the FSB (a different service from Sandworm's GRU), has been identified as a significant threat actor in the cybersecurity landscape. Notably, it has employed the USB worm LitterDrifter in a series of cyberattacks against Ukraine, demonstrating its capacity for sophisticated and disruptive

ELECTRUM (Unspecified; 3 votes): ELECTRUM is the Dragos designation for the activity group behind the December 2016 Industroyer/CrashOverride attack on Ukraine's power grid, assessed to overlap with Sandworm. It should not be confused with the Electrum Bitcoin wallet software, whose name has surfaced in unrelated cryptocurrency-themed lure reporting.

Sandworm Team (Unspecified; 3 votes): The Sandworm Team, a threat actor associated with Russia's military intelligence, has demonstrated significant capabilities in developing custom malware to target Operational Technology (OT) and Industrial Control Systems (ICS). Since at least 2015, the team has used the "BlackEnergy"

Sednit (Unspecified; 3 votes): Sednit, also known as APT28, Fancy Bear, Pawn Storm, Sofacy Group, BlueDelta, and Strontium, is a threat actor associated with Russia's military intelligence. The group has been active since at least 2007, primarily targeting governments, militaries, and security organizations worldwide. Notably, Se

Cozy Bear (Unspecified; 2 votes): Cozy Bear, also known as APT29, Midnight Blizzard, and Nobelium, is a threat actor believed to operate out of Russia's Foreign Intelligence Service (SVR). This group has been linked to several high-profile cyber intrusions. One of the earliest identified activities of Cozy Bear was at the Democrati

The Dukes (Unspecified; 2 votes): The Dukes, also known as APT29, Cozy Bear, Midnight Blizzard, and Nobelium, is a threat actor widely believed to be linked to the Russian government. The group has been active since at least 2008, conducting cyber espionage operations against various governments, think tanks, diplomatic entities, an

APT29 (Unspecified; 2 votes): APT29, also known as Cozy Bear, Nobelium, The Dukes, Midnight Blizzard, BlueBravo, and the SVR group, is a Russia-linked threat actor notorious for its malicious cyber activities. In November 2023 it was reported exploiting the WinRAR vulnerability CVE-2023-38831 (patched that August, so not a zero-day at the time) in attacks against various em

APT40 (Unspecified; 2 votes): APT40 is a China-attributed cyber espionage group known for targeting countries strategically significant to the Belt and Road Initiative. The group has been linked to at least 51 different code families, exhibiting a broad range of capabilities. APT40 typically employs spear-phishing emails, often

Frozenlake (Unspecified; 2 votes): Frozenlake, also known as APT28, Fancy Bear, Forest Blizzard, and several other names, is a threat actor believed to be sponsored by the Russian military. The group has been involved in numerous cyber-attacks, primarily targeting Ukraine's energy sector. Their modus operandi includes exploiting vuln
Associated Vulnerabilities
CVE (relationship; votes): profile description

CVE-2023-38831 (Unspecified; 4 votes): CVE-2023-38831 is a high-severity vulnerability (CVSS 7.8) in WinRAR that leads to code execution when a user opens a crafted ZIP archive: the archive pairs a benign-looking file with a same-named folder, so that WinRAR launches a script instead of the document the user clicked. It has been exploited by several actors, including the cluster CERT-UA tracks as UAC-0099, which used it to deliver the LONEPAGE malware. The vulnerabil

CVE-2014-4114 (is related to; 2 votes): CVE-2014-4114 is a remote code execution vulnerability in the Microsoft Windows OLE Package Manager, exploited as a zero-day in 2014 through crafted PowerPoint slideshow files (.pps/.ppsx). The campaign that used it is the one in which iSIGHT Partners first named the Sandworm group.
Source Document References
Information about the Sandworm threat actor was read from the documents below (display limited to 20 results).

Source (age at capture): title

InfoSecurity-magazine (8 days ago): Published Vulnerabilities Surge by 43%
DARKReading (10 days ago): Hitachi Energy Vulnerabilities Plague SCADA Power Systems
Securityaffairs (a month ago): SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs (a month ago): security-affairs-malware-newsletter-round-5
BankInfoSecurity (8 months ago): Russian Sandworm Group Spied on Kyivstar Networks for Months
CERT-EU (8 months ago): Forescout research uncovers new evidence tied to energy sector cyberattacks in Denmark
CERT-EU (8 months ago): Cyber Attack on Telecommunications Company
CERT-EU (6 months ago): Russian Cyberattackers Launch Multiphase PsyOps Campaign
CERT-EU (6 months ago): Emulating the Sabotage-Focused Russian Adversary Sandworm
InfoSecurity-magazine (5 months ago): Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies
DARKReading (2 months ago): Novel ICS Malware Sabotaged Water-Heating Services in Ukraine
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 3
InfoSecurity-magazine (2 months ago): Hacktivist Groups Target Romania Amid Geopolitical Tensions
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 2
BankInfoSecurity (2 months ago): Millions of Exim Servers Still Exposed to Critical Flaw
Recorded Future (2 months ago): Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Securityaffairs (2 months ago): Security Affairs Malware Newsletter - Round 1
Securityaffairs (2 months ago): Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity (2 months ago): Russian Indicted for Wiper Malware Campaign Against Ukraine