| ID | Votes | Profile Description |
|---|---|---|
| Turla | 10 | Turla, a threat actor linked to Russia, is known for its sophisticated cyber-espionage activities. It has been associated with numerous high-profile attacks, employing innovative techniques and malware to infiltrate targets and execute actions with malicious intent. According to MITRE ATT&CK and MIT |
| Uroburos | 8 | Uroburos, also known as Snake, Turla, Pensive Ursa, and Venomous Bear, is a sophisticated malware linked to the Russian Federal Security Service (FSB). The development of this malicious software began in late 2003, with its operations traced back to at least 2004. Uroburos is part of a broader arsen |
| Venomous Bear | 5 | Venomous Bear, also known as Turla, Urobouros, Snake, and other names, is a threat actor group attributed to Center 16 of the Federal Security Service (FSB) of the Russian Federation. The group has been active since at least 2004, targeting diplomatic and government organizations, as well as private |
| Waterbug | 4 | Waterbug, also known as Turla, Venomous Bear, and other aliases, is a cyberespionage group closely affiliated with the FSB Russian intelligence agency. This threat actor has been active since at least 2004, targeting government entities, intelligence agencies, educational institutions, research faci |
| ComRAT | 3 | ComRAT, also known as Agent.BTZ, is a potent malware that has evolved over the years to become a significant threat in the cybersecurity landscape. Developed using C++ and employing a virtual FAT16 file system, ComRAT is often used to exfiltrate sensitive documents. The malware is a remote access tr |
| Kazuar | 3 | Kazuar is a sophisticated multiplatform trojan horse malware, linked to the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, Snake), which has been operating since at least 2004. This group, believed to be connected to the Russian Federal Security Service (FSB), utilizes an ar |
| CrystalRay | 3 | CrystalRay, a threat actor in the cybersecurity landscape, has been escalating its operations significantly, as evidenced by a tenfold increase in its victim count to over 1,500. This notable surge in activity has raised concerns among security professionals and organizations alike. CrystalRay's pri |
| Turla Group | 3 | The Turla group, also known as Pensive Ursa, Krypton, Secret Blizzard, Venomous Bear, or Uroburos, is a notable threat actor that has been linked to the Russian Federal Security Service (FSB). With a history dating back to 2004, this group operates in painstaking stages, first conducting reconnaissa |
| EKANS | 2 | EKANS, also known as SNAKE (the word EKANS spelled backwards), is a significant strain of malware that emerged in mid-December 2019. It was one of the more concerning ransomware strains observed in 2020, accounting for 6% of all ransomware attacks monitored by IBM Security X-Force in that year. The |
| TinyTurla | 2 | TinyTurla is a form of malware, malicious software designed to infiltrate and damage computer systems without the user's knowledge. It can enter systems via suspicious downloads, emails, or websites, and once inside, it has the potential to steal personal information, disrupt operations, or hold dat |
| Pensive Ursa | 2 | Pensive Ursa, also known as Turla, Uroburos, Venomous Bear, and Waterbug, is a Russian-based advanced persistent threat (APT) group that has been operating since at least 2004. The group, linked to the Russian Federal Security Service (FSB), is renowned for its sophisticated cyber-espionage activiti |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Snake Malware | Unspecified | 6 | The infamous Snake malware, a complex and destructive tool utilized by Pensive Ursa, became the target of a significant cybersecurity operation in May 2023. Detailed in a CISA report, the Snake malware was known to infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst t |
| Clop | Unspecified | 2 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole |
| Hive | Unspecified | 2 | Hive is a malicious software (malware) that has been used by the cybercriminal group, Hunters International, to launch ransomware attacks since October of last year. The group operates as a ransomware-as-a-service (RaaS) provider, spreading Hive rapidly through collaborations with less sophisticated |
| Chinch | Unspecified | 2 | None |
| Agent Tesla | Unspecified | 2 | Agent Tesla is a type of malware, or malicious software, that exploits and damages computer systems. It can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold d |
| ZLib | Unspecified | 2 | Zlib is a piece of malware, a harmful program designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostag |
| Tomiris | Unspecified | 2 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Medusa | Unspecified | 5 | Medusa, a malicious threat actor known for its ransomware attacks, has been increasingly active and dangerous. This group was responsible for a significant rise in data leaks and multi-extortion activities throughout 2023. Medusa, along with other ransomware groups like LockBit and ALPHV (BlackCat), |
| Turla’s | Unspecified | 3 | None |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| Fortinet | 10 days ago | Deep Analysis of Snake Keylogger’s New Variant | FortiGuard Labs | |
| CERT-EU | 6 months ago | Cyber Security Today, Feb. 26, 2024 – Canadian online harms legislation to be revealed today, and more | IT World Canada News | |
| InfoSecurity-magazine | 2 months ago | CRYSTALRAY Cyber-Attacks Grow Tenfold Using OSS Tools | |
| BankInfoSecurity | 2 months ago | CRYSTALRAY Group Targets 1,500 Organizations in 6 Months | |
| Securityaffairs | 2 months ago | CrystalRay operations have scaled 10x to over 1,500 victims | |
| DARKReading | 2 months ago | Credential-Stealing OSS 'Crystalray' Attacks Jump 10X | |
| Bitdefender | 2 months ago | Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures’ and Sponsored Health-Related Scams on Social Media | |
| Flashpoint | 3 months ago | Evolving Tactics: How Russian APT Groups Are Shaping Cyber Threats in 2024 | |
| Securityaffairs | 4 months ago | Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs | |
| ESET | 4 months ago | To the Moon and back(doors): Lunar landing in diplomatic missions | |
| BankInfoSecurity | 5 months ago | Steganography Campaign Targets Global Enterprises | |
| CERT-EU | 6 months ago | Be careful if you use Linux in your company: It is not immune - Panda Security Mediacenter | |
| CERT-EU | 6 months ago | New Python-Based Snake Info Stealer Spreading Through Facebook Messages | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | |
| CERT-EU | 6 months ago | Snake Python-Based Information Stealer Targets Facebook Users | |
| Securityaffairs | 6 months ago | Snake, a new Info Stealer spreads through Facebook messages | |
| CERT-EU | 6 months ago | LockBit, Law Enforcement, and building operational resiliency – Global Security Mag Online | |
| CERT-EU | 6 months ago | Snake, a new Info Stealer spreads through Facebook messages | |
| CERT-EU | 6 months ago | Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware – GIXtools | |
| CERT-EU | 6 months ago | New Python-Based Snake Info Stealer Spreading Through Facebook Messages – GIXtools | |
| CERT-EU | 6 months ago | Techrights — Links 04/03/2024: Techno-Babble in Tech Job Ads and Vision Pro Already Breaking Apart |