ThreatIntelligence.md

File metadata and controls

46 lines (43 loc) · 4.59 KB

Threat Intelligence

Important

  • The Russian APTs mentioned in other files in this repository are highlighted in the following list of additional reports provided by a variety of sources.
  • Using this list of publicly available reports as the main source was important, as it allows the research to be independently peer reviewed.
| Date Published | Russian APT | Report |
| --- | --- | --- |
| 26 September 2024 | Gamaredon | https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way-analysis-toolset-used-spy-ukraine-2022-2023 |
| 5 September 2024 | EMBER BEAR | https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a |
| 14 August 2024 | Star Blizzard | https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/ |
| 19 June 2024 | COZY BEAR | https://www.cert.ssi.gouv.fr/cti/CERTFR-2024-CTI-006/ |
| 5 June 2024 | UAC-0020 | https://cert.gov.ua/article/6279600 |
| 1 May 2024 | FANCY BEAR | https://www.trendmicro.com/en_us/research/24/e/router-roulette.html |
| 19 April 2024 | Sandworm | https://cert.gov.ua/article/6278706 |
| 17 April 2024 | Sandworm | https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf |
| 21 March 2024 | Turla | https://blog.talosintelligence.com/tinyturla-full-kill-chain/ |
| 22 January 2024 | UAC-0050 | https://cert.gov.ua/article/6277285 |
| 28 December 2023 | FANCY BEAR | https://cert.gov.ua/article/6276894 |
| 13 December 2023 | COZY BEAR | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a |
| 8 December 2023 | FANCY BEAR | https://securityintelligence.com/x-force/itg05-ops-leverage-israel-hamas-conflict-lures-to-deliver-headlace-malware/ |
| 27 January 2023 | COZY BEAR | https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf |
| 2 May 2022 | COZY BEAR | https://cloud.google.com/blog/topics/threat-intelligence/unc3524-eye-spy-email/ |
| 27 January 2022 | COZY BEAR | https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/ |
| 4 November 2021 | Gamaredon | https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf |
| 25 October 2021 | COZY BEAR | https://www.microsoft.com/en-us/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/ |
| 1 July 2021 | FANCY BEAR | https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF |
| 27 May 2021 | COZY BEAR | https://www.microsoft.com/en-us/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ |
| 18 December 2020 | COZY BEAR | https://www.microsoft.com/en-us/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ |
| 2 December 2020 | Turla | https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/ |
| 10 September 2020 | FANCY BEAR | https://www.microsoft.com/en-us/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/ |
| 15 June 2020 | Turla | https://web-assets.esetstatic.com/wls/2020/05/ESET_Turla_ComRAT.pdf |
| 24 July 2019 | BERSERK BEAR | https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector |
| 20 June 2019 | Turla | https://symantec-enterprise-blogs.security.com/threat-intelligence/waterbug-espionage-governments |
| 17 August 2018 | Turla | https://web-assets.esetstatic.com/wls/2018/08/Eset-Turla-Outlook-Backdoor.pdf |
| 6 June 2018 | FANCY BEAR | https://unit42.paloaltonetworks.com/unit42-sofacy-groups-parallel-attacks/ |
| 22 May 2018 | | https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/ |
| 18 April 2018 | FANCY BEAR | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108 |
| 16 March 2018 | BERSERK BEAR | https://www.cisa.gov/news-events/alerts/2018/03/15/russian-government-cyber-activity-targeting-energy-and-other-critical-infrastructure-sectors |
| 20 October 2017 | BERSERK BEAR | https://symantec-enterprise-blogs.security.com/threat-intelligence/dragonfly-energy-sector-cyber-attacks |
| 11 August 2017 | FANCY BEAR | https://web.archive.org/web/20170811181009/https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html |
| 4 December 2015 | FANCY BEAR | https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/ |
| 18 April 2015 | FANCY BEAR | https://cloud.google.com/blog/topics/threat-intelligence/probable-apt28-useo/ |

Note

Others can also use this list to contribute additional threat intelligence about tools used by Russian APTs to the repo.