Winter Vivern

Threat Actor updated 25 days ago (2024-08-14T10:02:15.644Z)
Winter Vivern is a threat actor group that has drawn attention for exploiting a zero-day vulnerability in the Roundcube webmail software. Whether the group is a single individual, a private company, or part of a government entity, it carries out its operations with malicious intent, and the cybersecurity industry has noted those operations for their sophistication and harm. In October 2023, ESET Research revealed that Winter Vivern had exploited a similar vulnerability to target European government entities. This advanced persistent threat (APT) group demonstrated its capabilities by breaching secure systems, raising concerns about the potential impact of its activities on national security and infrastructure. Its focus on governmental bodies indicates a high level of strategic planning and execution, making it a formidable adversary. Most recently, Recorded Future's Insikt Group reported that Winter Vivern has been abusing a cross-site scripting (XSS) vulnerability in the widely used Roundcube webmail software in a cyberespionage campaign targeting government, military, and national-infrastructure entities across Europe, including Ukraine, Poland, and Georgia. Given the scale and sophistication of these attacks, Winter Vivern represents a serious and ongoing threat across multiple sectors and countries.
Description last updated: 2024-08-14T08:54:55.320Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
TA473 | 4 | TA473, also known as Winter Vivern and UAC-0114, is a Russian advanced persistent threat (APT) group that has been active since at least February 2023. The group focuses on cyber espionage, supporting Russian and Belarusian geopolitical objectives, especially in the context of the Russia-Ukraine con
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Zimbra
Exploit
Roundcube
Vulnerability
APT
Zero Day
Ukraine
Malware
Russia
Phishing
Government
Spearphishing
JavaScript
SentinelOne
Associated Malware
ID | Type | Votes | Profile Description
Tank | Unspecified | 2 | Tank is a form of malware, a malicious software designed to exploit and damage computer systems. This type of cyber threat can infiltrate your system through various means such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can wreak havoc by stealing pe
Associated Threat Actors
ID | Type | Votes | Profile Description
APT28 | Exploited | 2 | APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM, is a threat actor linked to Russia that has been active since at least 2007. The group has targeted governments, militaries, and security organizations worldwide, including the German Social Democratic Party
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2022-27926 | Unspecified | 3 | CVE-2022-27926 is a software vulnerability identified in Zimbra instances. This flaw in software design or implementation has been exploited by Winter Vivern (also known as TA473), a Russian hacking group, to gain unauthorized access to sensitive email communications. The targets of this cyber espio
Source Document References
Information about the Winter Vivern threat actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
CERT-EU | 6 months ago | Threat actor UAC-0149 targets Armed Forces of Ukraine with Cookbox backdoor
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Flashpoint | 3 months ago | Evolving Tactics: How Russian APT Groups Are Shaping Cyber Threats in 2024
ESET | 4 months ago | ESET APT Activity Report Q4 2023–Q1 2024
Securityaffairs | 4 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity | 5 months ago | Exploited TP-Link Vulnerability Spawns Botnet Threats
Securityaffairs | 5 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini