UNC2589

Threat Actor updated 7 months ago (2024-05-04T18:48:18.404Z)
UNC2589, also known as Frozenvista, is a threat actor that emerged as a significant cybersecurity concern in 2021. Notably linked to the Russian Armed Forces' Main Directorate of the General Staff (GRU), this group started deploying phishing attacks against Ukrainian organizations from April 2021, a month after Russian troops began massing on the Ukraine border. This Advanced Persistent Threat (APT) group is considered a new and probable GRU actor, underscoring its potential for severe cyber espionage activities. In addition to UNC2589, other groups such as APT28, associated with Russian military intelligence, were observed conducting extensive information collection and disinformation operations. These activities escalated prior to Russia's invasion of Ukraine in February 2022. The threat landscape was not limited to Russian actors; Mandiant also observed activity by Chinese, Belarusian, and Iranian threat groups targeting Ukraine, indicating a complex and multifaceted cyber warfare environment. Government experts have attributed these cyberattacks to various groups including UAC-0056, DEV-0586, Nodaria, or Lorec53, alongside UNC2589. These groups have been implicated in numerous cyberattacks, demonstrating a broad and persistent threat to Ukraine's cybersecurity infrastructure. The concerted efforts of these threat actors underline the strategic use of cyber warfare tactics in geopolitical conflicts.
Description last updated: 2023-10-10T18:20:59.074Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukraine
Analyst Notes & Discussion
Associated Threat Actors
Alias: APT28
Description: The APT28 Threat Actor is associated with UNC2589. APT28, also known as Fancy Bear and Unit 26165 of the Russian Main Intelligence Directorate, is a threat actor linked to Russia with a history of cyber-espionage activities. The group has been involved in several high-profile attacks, including the hacking of the Democratic National Committee (DNC)
Association Type: Unspecified
Votes: 2
Source Document References
Information about the UNC2589 Threat Actor was read from the documents corpus below.