YTTRIUM

Threat Actor updated a month ago (2024-11-29T13:59:43.296Z)
Yttrium, also known as APT29, CozyBear, UNC2452, NOBELIUM, and Midnight Blizzard, is a prominent threat actor in the cybersecurity landscape. This group has been attributed to several significant cyber-attacks, with its activities largely overlapping with those attributed to APT29 or CozyBear, according to third-party security researchers. The group is believed to be sponsored by the Russian Foreign Intelligence Service. However, Microsoft has indicated that there isn't sufficient evidence yet to conclusively attribute certain campaigns to Yttrium, highlighting the complexity and ambiguity often involved in attributing cyber threats.

In addition to being a name for a threat group, Yttrium (formerly Digital+ Partners) is also a leading technology growth equity investor based in Frankfurt, Munich, and London. It focuses exclusively on B2B technology companies, leveraging a deep corporate network to help portfolio companies access new markets and build partnerships. Yttrium aims to support ambitious entrepreneurs to build global technology leaders by providing strategic advice and long-term financial support to help them define and execute their growth plans. Following the Summa investment, Yttrium will remain a significant minority shareholder in Logpoint, demonstrating its ongoing commitment to supporting its portfolio companies.

The variety of names used to identify these groups, including at least eight names for an Iranian group that Microsoft named PHOSPHORUS and 15 names for the Russian group known as Cozy Bear, highlights the lack of standardization in naming conventions within the cybersecurity industry. The same group can be referred to differently by different entities, such as CrowdStrike's Cozy Bear, Mandiant's UNC2452 and APT29, and Microsoft's NOBELIUM and YTTRIUM. This discrepancy can lead to confusion and differing conclusions in threat analysis, underscoring the need for further coordination and standardization in the field.
Description last updated: 2024-05-04T17:44:06.623Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
APT29 is a possible alias for YTTRIUM. APT29, also known as Midnight Blizzard and linked to Russia's Foreign Intelligence Service (SVR), is a notorious threat actor that has been implicated in several high-profile cyberattacks. The group has demonstrated sophisticated capabilities, exploiting vulnerabilities such as the WinRAR 0day flaw | 2
NOBELIUM is a possible alias for YTTRIUM. Nobelium, a Russia-linked Advanced Persistent Threat (APT) group also known as APT29, SVR Group, BlueBravo, Cozy Bear, Midnight Blizzard, and The Dukes, has been identified as a significant cybersecurity threat. In 2024, Nobelium targeted French diplomatic entities, posing a major concern to the int | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft