Team Truniger

Threat Actor updated 7 months ago (2024-05-04T20:35:38.284Z)

Download STIX

Preview STIX

Team Truniger, also known as Snatch, is a threat actor group that first emerged in 2018. The group was initially named after the online handle of its founder and organizer, Truniger, who had previously worked as an affiliate of the GandCrab ransomware-as-a-service operation. According to a joint advisory from the FBI and the U.S. Cybersecurity and Infrastructure Security Administration (CISA) issued on September 20, 2023, this group has Russian origins and uses command-and-control servers hosted in Russia to launch its attacks. The modus operandi of Team Truniger involves a sophisticated technique of rebooting Windows PCs into safe mode to bypass existing anti-virus protection. This method is part of their ransomware attack strategy, which also includes purchasing data stolen by other hacking groups to further extort victims. Their evolution from a GandCrab affiliate to a full-fledged threat actor showcases their increasing technical prowess and malicious intent. Since mid-2021, Team Truniger has been targeting a wide range of critical infrastructure sectors, posing a significant threat to cybersecurity. The FBI and CISA have issued multiple advisories warning about the activities of this group, formerly known as Snatch. These advisories highlight the urgent need for robust cybersecurity measures and constant vigilance to counter the threats posed by such advanced persistent threat (APT) groups.

Description last updated: 2024-05-04T17:07:23.641Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Gandcrab is a possible alias for Team Truniger. GandCrab, a threat actor, is known for its malicious activities involving ransomware attacks. Originating from Russian origins and evolving from Team Truniger, a former GandCrab affiliate, the group has been linked to numerous ransomware variants including Bad Rabbit, LockBit 2.0, STOP/DJVU, and REv	2
Snatch is a possible alias for Team Truniger. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Team Truniger Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	10 months ago	Banco Promerica Data Breach: Facing Dual Ransomware Threats \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks
CERT-EU	a year ago	Snatch ransomware - what you need to know
CERT-EU	a year ago	#StopRansomware: Snatch Ransomware \| CISA
CERT-EU	a year ago	A Closer Look at the Snatch Data Ransom Group – GIXtools
Krebs on Security	a year ago	A Closer Look at the Snatch Data Ransom Group
CERT-EU	a year ago	#StopRansomware: Snatch Ransomware - KizzMyAnthia.com
CERT-EU	a year ago	ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
CERT-EU	a year ago	Snatch Ransomware: SafeBreach Coverage for US-CERT Alert (AA23-263A)
BankInfoSecurity	a year ago	Feds Warn About Snatch Ransomware