APT group: [Unnamed groups: Russia]
Names | [Unnamed groups: Russia] |
Country | Russia |
Motivation | Information theft and espionage, Financial gain, Sabotage and destruction |
First seen | 2014 |
Description | These are reported APT activities attributed to a country, but not to an individual threat group. |
Observed | Sectors: Financial. Countries: Australia, Singapore, USA and Worldwide. |
Tools used | |
Operations performed | 2014 | Yahoo hit with a Massive 500 Million Account Data Breach <https://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/> |
Jun 2018 | Russian Attacks Against Singapore Spike During Trump-Kim Summit <https://www.f5.com/labs/articles/threat-intelligence/russian-attacks-against-singapore-spike-during-trump-kim-summit> |
Jun 2022 | Russian hackers may be behind Texas natural gas plant explosion: report <https://americanmilitarynews.com/2022/06/russian-hackers-may-be-behind-texas-natural-gas-plant-explosion-report/> |
Oct 2022 | Medibank cyber incident <https://www.medibank.com.au/livebetter/newsroom/post/medibank-cyber-incident> <https://www.bankinfosecurity.com/medibank-hackers-dump-stolen-on-dark-web-a-20604> |
Jul 2024 | Poland to probe Russia-linked cyberattack on state news agency <https://therecord.media/poland-cyberattack-investigation-state-agency> |
Counter operations | Mar 2017 | US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two FSB Agents <https://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/> |
Mar 2022 | Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU) <https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation> |
Jun 2022 | Russian Botnet Disrupted in International Cyber Operation <https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation> |
Jan 2024 | Australia, US, UK Sanction Russian Over 2022 Medibank Breach <https://www.bankinfosecurity.com/australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163> |
Feb 2024 | Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) <https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian> |
Feb 2024 | Russia arrests three alleged SugarLocker ransomware members <https://therecord.media/russia-arrests-sugarlocker-ransomware-members> |
Jul 2024 | Justice Department Leads Efforts Among Federal, International, and Private Sector Partners to Disrupt Covert Russian Government-Operated Social Media Bot Farm <https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners> |
Sep 2024 | Justice Department Disrupts Covert Russian Government-Sponsored Foreign Malign Influence Operation Targeting Audiences in the United States and Elsewhere <https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence> |
Information | <https://www.cisa.gov/news-events/alerts/2018/03/15/russian-government-cyber-activity-targeting-energy-and-other-critical> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-116a> <https://www.cisa.gov/uscert/ncas/alerts/aa22-011a> <https://www.cisa.gov/uscert/ncas/alerts/aa22-074a> <https://www.cisa.gov/uscert/ncas/alerts/aa22-083a> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a> <https://research.checkpoint.com/2019/russianaptecosystem/> <https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf> <https://flashpoint.io/blog/russian-apt-groups-cyber-threats/> <https://therecord.media/doppelganger-disinformation-infrastructure-european-companies> <https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a> |
Last change to this card: 23 October 2024