Home >
List all groups > [Unnamed groups: Russia]
APT group: [Unnamed groups: Russia]
| Names | [Unnamed groups: Russia] (?) |
| Country |  Russia |
| Motivation | Information theft and espionage, Financial gain, Sabotage and destruction |
| First seen | 2014 |
| Description | These are reported APT activities attributed to a country, but not to an individual threat group. |
| Observed | Sectors: Financial.
Countries: Australia, Singapore, USA and Worldwide. |
| Tools used | |
| Operations performed | 2014 | Yahoo hit with a Massive 500 Million Account Data Breach
<https://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/> |
| Jun 2018 | Russian Attacks Against Singapore Spike During Trump-Kim Summit
<https://www.f5.com/labs/articles/threat-intelligence/russian-attacks-against-singapore-spike-during-trump-kim-summit> |
| Jun 2022 | Russian hackers may be behind Texas natural gas plant explosion: report
<https://americanmilitarynews.com/2022/06/russian-hackers-may-be-behind-texas-natural-gas-plant-explosion-report/> |
| Oct 2022 | Medibank cyber incident
<https://www.medibank.com.au/livebetter/newsroom/post/medibank-cyber-incident>
<https://www.bankinfosecurity.com/medibank-hackers-dump-stolen-on-dark-web-a-20604> |
| Jul 2024 | Poland to probe Russia-linked cyberattack on state news agency
<https://therecord.media/poland-cyberattack-investigation-state-agency> |
| Counter operations | Mar 2017 | US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two FSB Agents
<https://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/> |
| Mar 2022 | Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU)
<https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation> |
| Jun 2022 | Russian Botnet Disrupted in International Cyber Operation
<https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation> |
| Jan 2024 | Australia, US, UK Sanction Russian Over 2022 Medibank Breach
<https://www.bankinfosecurity.com/australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163> |
| Feb 2024 | Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)
<https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian> |
| Feb 2024 | Russia arrests three alleged SugarLocker ransomware members
<https://therecord.media/russia-arrests-sugarlocker-ransomware-members> |
| Jul 2024 | Justice Department Leads Efforts Among Federal, International, and Private Sector Partners to Disrupt Covert Russian Government-Operated Social Media Bot Farm
<https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners> |
| Sep 2024 | Justice Department Disrupts Covert Russian Government-Sponsored Foreign Malign Influence Operation Targeting Audiences in the United States and Elsewhere
<https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence> |
| Information | <https://www.cisa.gov/news-events/alerts/2018/03/15/russian-government-cyber-activity-targeting-energy-and-other-critical>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-116a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-011a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-074a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-083a>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a>
<https://research.checkpoint.com/2019/russianaptecosystem/>
<https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf>
<https://flashpoint.io/blog/russian-apt-groups-cyber-threats/>
<https://therecord.media/doppelganger-disinformation-infrastructure-european-companies>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a> |
Last change to this card: 23 October 2024
Download this actor card in PDF or JSON format
