Seashell Blizzard Iridium

Threat Actor updated 4 months ago (2024-05-04T18:22:56.676Z)
Seashell Blizzard Iridium, also known as Sandworm, is a threat actor reportedly composed of Russian military intelligence officers. This group has been identified as distinct from other Advanced Persistent Threat (APT) groups associated with Russian military intelligence (GRU), such as Forest Blizzard (also known as Strontium, APT28, and Fancy Bear) and Cadet Blizzard. Seashell Blizzard Iridium has conducted a series of disruptive cyber operations, often under the guise of ransomware attacks, to support broader military objectives, particularly in Ukraine.

At CYBERWARCON 2022, Microsoft highlighted the development of a novel "ransomware" strain, Prestige, by Seashell Blizzard Iridium. This cyberattack was designed to cause significant disruption while providing plausible deniability for the sponsoring organization. The attack impacted organizations in Ukraine and Poland, further indicating the group's focus on this region. Despite these activities, Microsoft noted that Seashell Blizzard Iridium's success rate was relatively low compared to other GRU-affiliated actors.

In addition to the ransomware attacks, Seashell Blizzard Iridium has been implicated in other malicious activities. These include the WhisperGate data-wiping attacks that began on January 13, 2022, over a month before Russia invaded Ukraine. The group has also been linked to a series of defacements of Ukrainian organization websites and various operations, including the hack-and-leak forum known as "Free Civilian." It's important to note that despite their common affiliation with the GRU, the operations of Cadet Blizzard are separate from those of well-established hacker groups like Forest Blizzard (Strontium) and Seashell Blizzard (Iridium).
Description last updated: 2023-11-09T22:18:55.066Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Sandworm | 2 | Sandworm, a Russia-linked threat actor group, has been implicated in a series of significant cyber-attacks targeting Ukraine's infrastructure. The group successfully compromised 11 Ukrainian telecommunication providers, demonstrating their extensive capabilities and the broad reach of their operatio
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Associated Threat Actors
ID | Type | Votes | Profile Description
Cadet Blizzard | Unspecified | 2 | Cadet Blizzard, a threat actor group associated with Russia's GRU military intelligence unit, has been identified by Microsoft as the perpetrator of destructive cyber attacks in Ukraine using wiper malware. The group has been active since at least 2020 and has recently gained some success, according
Source Document References
Information about the Seashell Blizzard Iridium Threat Actor was read from the documents corpus below.
Source Link | Created At | Title
CERT-EU | 10 months ago | Microsoft shares threat intelligence at CYBERWARCON 2023 | Microsoft Security Blog
CERT-EU | a year ago | Russia sent its reserve team to wipe Ukrainian hard drives
DARKReading | a year ago | Russian APT 'Cadet Blizzard' Behind Ukraine Wiper Attacks
CERT-EU | a year ago | New Russia’s GRU-affiliated APT group linked to destructive wiper attacks on Ukraine
Securityaffairs | a year ago | Microsoft links Cadet Blizzard APT to Russia military intel GRU