Team Truniger

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
Team Truniger, also known as Snatch, is a threat actor group that first emerged in 2018. The group was initially named after the online handle of its founder and organizer, Truniger, who had previously worked as an affiliate of the GandCrab ransomware-as-a-service operation. According to a joint advisory from the FBI and the U.S. Cybersecurity and Infrastructure Security Administration (CISA) issued on September 20, 2023, this group has Russian origins and uses command-and-control servers hosted in Russia to launch its attacks. The modus operandi of Team Truniger involves a sophisticated technique of rebooting Windows PCs into safe mode to bypass existing anti-virus protection. This method is part of their ransomware attack strategy, which also includes purchasing data stolen by other hacking groups to further extort victims. Their evolution from a GandCrab affiliate to a full-fledged threat actor showcases their increasing technical prowess and malicious intent. Since mid-2021, Team Truniger has been targeting a wide range of critical infrastructure sectors, posing a significant threat to cybersecurity. The FBI and CISA have issued multiple advisories warning about the activities of this group, formerly known as Snatch. These advisories highlight the urgent need for robust cybersecurity measures and constant vigilance to counter the threats posed by such advanced persistent threat (APT) groups.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Snatch
2
Snatch is a type of malware, specifically ransomware, known for its malicious activities. Ransomware is a harmful program designed to exploit and damage computer systems or devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains
Gandcrab
2
GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Originating from Russian origins and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REv
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
CISA
Ransomware
Windows
Extortion
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Team Truniger Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
6 months ago
Banco Promerica Data Breach: Facing Dual Ransomware Threats | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
10 months ago
Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks
CERT-EU
10 months ago
Snatch ransomware - what you need to know
CERT-EU
10 months ago
#StopRansomware: Snatch Ransomware | CISA
CERT-EU
9 months ago
A Closer Look at the Snatch Data Ransom Group – GIXtools
Krebs on Security
9 months ago
A Closer Look at the Snatch Data Ransom Group
CERT-EU
10 months ago
#StopRansomware: Snatch Ransomware - KizzMyAnthia.com
CERT-EU
10 months ago
ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
CERT-EU
10 months ago
Snatch Ransomware: SafeBreach Coverage for US-CERT Alert (AA23-263A)
BankInfoSecurity
10 months ago
Feds Warn About Snatch Ransomware