ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > WildCard

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: WildCard

NamesWildCard (Intezer)
Country[Unknown]
MotivationInformation theft and espionage
First seen2021
Description(Intezer) Our research team has identified a new APT group, dubbed “WildCard,” initially detected through its use of the SysJoker malware, which targeted Israel’s educational sector in 2021. WildCard has since expanded its reach, creating sophisticated malware variants disguised as legitimate software, and a recently developed malware called ‘RustDown,’ written in Rust for potential operational advantages. Connections to Operation Electric Powder indicate WildCard’s advanced capabilities with a focus on critical sectors within Israel. While we’ve begun to understand WildCard’s tactics and methods, their precise identity is still enigmatic, demanding deeper analysis and collaboration within the infosec community.
ObservedSectors: Education, Industrial.
Countries: Israel.
Tools usedRustDown, SysJoker.
Information<https://intezer.com/blog/research/wildcard-evolution-of-sysjoker-cyber-threat/>
<https://research.checkpoint.com/2023/israel-hamas-war-spotlight-shaking-the-rust-off-sysjoker/>

Last change to this card: 30 November 2023

Download this actor card in PDF or JSON format

Previous: Wicked Spider, APT 22
Next: Wild Neutron, Butterfly, Sphinx Moth

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]