ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > [Unnamed groups: Russia]

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: [Unnamed groups: Russia]

Names[Unnamed groups: Russia] (?)
CountryRussia Russia
MotivationInformation theft and espionage, Financial gain, Sabotage and destruction
First seen2014
DescriptionThese are reported APT activities attributed to a country, but not to an individual threat group.
ObservedSectors: Financial.
Countries: Australia, Singapore, USA and Worldwide.
Tools used
Operations performed2014Yahoo hit with a Massive 500 Million Account Data Breach
<https://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/>
Jun 2018Russian Attacks Against Singapore Spike During Trump-Kim Summit
<https://www.f5.com/labs/articles/threat-intelligence/russian-attacks-against-singapore-spike-during-trump-kim-summit>
Jun 2022Russian hackers may be behind Texas natural gas plant explosion: report
<https://americanmilitarynews.com/2022/06/russian-hackers-may-be-behind-texas-natural-gas-plant-explosion-report/>
Oct 2022Medibank cyber incident
<https://www.medibank.com.au/livebetter/newsroom/post/medibank-cyber-incident>
<https://www.bankinfosecurity.com/medibank-hackers-dump-stolen-on-dark-web-a-20604>
Jul 2024Poland to probe Russia-linked cyberattack on state news agency
<https://therecord.media/poland-cyberattack-investigation-state-agency>
Counter operationsMar 2017US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two FSB Agents
<https://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/>
Mar 2022Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU)
<https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation>
Jun 2022Russian Botnet Disrupted in International Cyber Operation
<https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation>
Jan 2024Australia, US, UK Sanction Russian Over 2022 Medibank Breach
<https://www.bankinfosecurity.com/australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163>
Feb 2024Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)
<https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian>
Feb 2024Russia arrests three alleged SugarLocker ransomware members
<https://therecord.media/russia-arrests-sugarlocker-ransomware-members>
Jul 2024Justice Department Leads Efforts Among Federal, International, and Private Sector Partners to Disrupt Covert Russian Government-Operated Social Media Bot Farm
<https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners>
Sep 2024Justice Department Disrupts Covert Russian Government-Sponsored Foreign Malign Influence Operation Targeting Audiences in the United States and Elsewhere
<https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence>
Information<https://www.cisa.gov/news-events/alerts/2018/03/15/russian-government-cyber-activity-targeting-energy-and-other-critical>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-116a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-011a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-074a>
<https://www.cisa.gov/uscert/ncas/alerts/aa22-083a>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a>
<https://research.checkpoint.com/2019/russianaptecosystem/>
<https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf>
<https://flashpoint.io/blog/russian-apt-groups-cyber-threats/>
<https://therecord.media/doppelganger-disinformation-infrastructure-european-companies>
<https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a>

Last change to this card: 23 October 2024

Download this actor card in PDF or JSON format

Previous: [Unnamed groups: North Korea]
Next: 8220 Gang

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]