TA471

Threat Actor Profile Updated 3 months ago
TA471, also known as UAC-0056, is a threat actor that has been active since early 2021 and has been linked to Russia by Symantec's Threat Hunter Team. This group has become a significant player in Russia's ongoing cyber campaigns against Ukraine. TA471 has been associated with the WhisperGate malware, a destructive data-wiping tool used in multiple attacks against Ukrainian targets in January 2022. The group's tactics include using info-stealing malware that masquerades as legitimate Microsoft Office files, similar to other tools like GraphSteel and GrimPlant previously deployed by TA471 in spear-phishing campaigns targeting Ukrainian state bodies.

The recent news of TA471’s latest espionage campaign came just days after the Ukrainian government warned about another Russian state-sponsored hacking group, UAC-0010, which continues to conduct frequent cyber attack campaigns against Ukrainian organizations. These back-to-back alerts underscore the persistent and sophisticated nature of these threat actors, who pose a significant risk to national security and organizational integrity in Ukraine.

Despite the extensive activities of TA471, little is known about the hacking crew’s origin or strategy. However, its prominence in Russia's cyber operations against Ukraine suggests that it plays a crucial role in these efforts. As such, understanding and countering TA471’s actions should be a priority for cybersecurity professionals and policymakers alike, as this group's activities continue to impact Ukraine's digital infrastructure and broader security landscape.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukrainian
Ukraine
Symantec
Espionage
State Sponso...
Malware
Phishing
Associated Malware
ID: WhisperGate
Type: Unspecified
Votes: 1
Profile Description: WhisperGate is a type of malware, specifically a wiper, that was used extensively in cyberattacks against Ukrainian organizations throughout 2022. It was one of several malicious software tools deployed by Russian Advanced Persistent Threat (APT) actors, alongside others such as AwfulShred, CaddyWip
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the TA471 Threat Actor was read from the documents corpus below.
Source: CERT-EU
Created At: a year ago
Title: Russian 'WhisperGate' hackers are using new data-stealing malware to target Ukraine • TechCrunch | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security