ID | Votes | Profile Description |
---|---|---|
Solorigate | 2 | Solorigate, also known as SUNBURST, is a sophisticated malware that was used in a series of cyberattacks in 2021. The malware was discovered to have been implanted into the SolarWinds Orion software through a supply-chain compromise, which Microsoft initially dubbed "Solorigate". This allowed the |
OilRig | 2 | OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as |
SUPERNOVA | 2 | SUPERNOVA is a potent and novel malware, as reported by FireEye during the SolarWinds compromise. It stands out due to its in-memory execution, sophistication in parameters and execution, and flexibility by implementing a full programmatic API to the .NET runtime. This malware compiles parameters on |
TEARDROP | 2 | Teardrop is a sophisticated malware used in cyber attacks, often associated with APT29/Cozy Bear, a group known for deploying advanced tactics and techniques. It has been linked to the Solorigate (SUNBURST) backdoor and is part of a suite of tools including Raindrop, GoldMax, and others used by the |
xHunt | 1 | The xHunt campaign is a series of related cyber activities with a unified goal, similar to other well-known campaigns such as DarkHydrus, OilRig, SUNBURST, and Decoy Dog. These campaigns are known for their use of DNS tunneling for command and control (C2) communications, a method which allows data |
DarkHydrus | 1 | DarkHydrus is a notable threat actor known for executing malicious activities. The group has been associated with several well-known campaigns including DarkHydrus, OilRig, xHunt, SUNBURST, and Decoy Dog. These campaigns have leveraged DNS tunneling for Command and Control (C2) communications, a tec |
SUNSPOT | 1 | Sunspot is a sophisticated and novel malware associated with the SolarWinds intrusion that occurred in December 2020. This malicious software, linked to COZY BEAR (also known as APT29 or "The Dukes"), infiltrates systems undetected, often through suspicious downloads, emails, or websites. Once insid |
ID | Type | Votes | Profile Description |
---|---|---|---|
Kazuar | is related to | 6 | Kazuar is a sophisticated multiplatform trojan horse malware, linked to the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, Snake), which has been operating since at least 2004. This group, believed to be connected to the Russian Federal Security Service (FSB), utilizes an ar |
GoldMax | Unspecified | 2 | GoldMax is a sophisticated malware, initially discovered to target Windows platforms with the earliest identified timestamp indicating a compilation in May 2020. The malicious software was designed by threat actors to exploit and damage computer systems, often infiltrating without the user's knowled |
Tomiris | Unspecified | 2 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
Decoy Dog | Unspecified | 1 | Decoy Dog is a notorious malware that utilizes DNS tunneling for Command and Control (C2) operations, similar to well-known campaigns like DarkHydrus, OilRig, xHunt, and SUNBURST. This malware uses the underlying tunneling tool Pupy, which applies the character '9' as padding when encoding data. Fir |
Mamadogs | Unspecified | 1 | None |
Crimsonbox | Unspecified | 1 | None |
Raindrop | Unspecified | 1 | Raindrop is a type of malware discovered during the Solorigate investigation, along with other malicious software such as TEARDROP, SUNBURST, and various custom loaders for the Cobalt Strike beacon. These malware types, including Raindrop, are likely generated using custom Artifact Kit templates. Ra |
Sunshuttle | Unspecified | 1 | Sunshuttle is a malicious software (malware) that has been linked to various cyber threats. Initial reports identified connections between Sunshuttle, a Tomiris Golang implant, NOBELIUM (also known as APT29 or TheDukes), and Kazuar, which is associated with Turla. However, interpreting these connect |
ID | Type | Votes | Profile Description |
---|---|---|---|
NOBELIUM | Unspecified | 3 | Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw |
APT29 | Unspecified | 3 | APT29, also known as Cozy Bear, SVR group, BlueBravo, Nobelium, Midnight Blizzard, and The Dukes, is a threat actor linked to Russia. This group is notorious for its malicious activities in the cybersecurity realm, executing actions with harmful intent. It has been associated with several high-profi |
Turla | Unspecified | 2 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
Pensive | Unspecified | 1 | Pensive Ursa, also known as Turla or Uroburos, is a Russian-based threat group that has been active since at least 2004 and is linked to the Russian Federal Security Service (FSB). The group employs advanced and stealthy tools like Kazuar, a .NET backdoor used as a second stage payload. In 2023, Pen |
Pensive Ursa | Unspecified | 1 | Pensive Ursa, also known as Turla, Uroburos, Venomous Bear, and Waterbug, is a Russian-based advanced persistent threat (APT) group that has been operating since at least 2004. The group, linked to the Russian Federal Security Service (FSB), is renowned for its sophisticated cyber-espionage activiti |
SolarStorm | Unspecified | 1 | SolarStorm is a threat actor group known for executing actions with malicious intent. Notable among their operations was the 2020 attack on SolarWinds Orion software, which was a sophisticated supply-chain attack that compromised the company's software updates, resulting in malware being served to i |
UNC2452 | Unspecified | 1 | UNC2452, also known as APT29, Cozy Bear, Nobelium, and Midnight Blizzard, is a highly skilled and disciplined threat actor group linked to Russia's SVR intelligence agency. The group gained notoriety for its role in the SolarWinds compromise in December 2020, an extensive cyberattack that involved a |
StellarParticle | Unspecified | 1 | StellarParticle, a threat actor associated with the COZY BEAR adversary group, has been identified as a significant cybersecurity risk by CrowdStrike. StellarParticle is known for its extensive knowledge of Windows and Linux operating systems, Microsoft Azure, O365, and Active Directory, and it has |
ID | Type | Votes | Profile Description |
---|---|---|---|
Log4Shell | Unspecified | 1 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent |
Source | CreatedAt | Title |
---|---|---|
InfoSecurity-magazine | 7 days ago | Sunburst: US Judge Dismisses Most SEC Charges Against SolarWinds |
DARKReading | 8 days ago | Sizable Chunk of SEC Charges Vs. SolarWinds Dismissed |
InfoSecurity-magazine | a month ago | French Diplomatic Entities Targeted by Russian-Aligned Nobelium |
Unit42 | 2 months ago | Leveraging DNS Tunneling for Tracking and Scanning |
DARKReading | 3 months ago | SolarWinds 2024: Where Do Cyber Disclosures Go from Here? |
CERT-EU | 4 months ago | White House adds teeth to secure software development requirements |
DARKReading | 6 months ago | SolarWinds Files Motion to Dismiss SEC Lawsuit |
BankInfoSecurity | 6 months ago | SolarWinds Requests Court Dismiss Regulator's Fraud Case |
CERT-EU | 6 months ago | Cyber Safety Review Board needs stronger authorities, more independence, experts say |
CERT-EU | 7 months ago | The JetBrains TeamCity software supply chain attack: Lessons learned |
CERT-EU | 7 months ago | Cyber risk strategies in hot seat as SEC rules go live |
DARKReading | 7 months ago | Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 |
MITRE | 7 months ago | Assembling the Russian Stacking Doll: UNC2452 Merged into APT29 |
MITRE | 7 months ago | SolarStorm Supply Chain Attack Timeline |
CERT-EU | 8 months ago | Securities and Exchange Commission Civil Suit Against SolarWinds \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
CERT-EU | 8 months ago | Limiting Remote Access Exposure in Hybrid Work Environments |
CERT-EU | 8 months ago | New SEC Disclosure Rules Can Help Cybersecurity: Lessons from SolarWinds - IT Governance USA Blog |
CERT-EU | 9 months ago | SEC charges SolarWinds and CISO with securities fraud and control failures |
CERT-EU | 8 months ago | Federal Government Continues Its Big Push for Cybersecurity with SEC Action Against SolarWinds and Its CISO |
CERT-EU | 8 months ago | SEC Turning Up the Heat: SolarWinds and Its CISO Charged with Fraud Regarding Cyber-related Disclosures |