ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > OldGremlin

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: OldGremlin

NamesOldGremlin (Group-IB)
CountryRussia Russia
MotivationFinancial crime, Financial gain
First seen2020
Description(Group-IB) Group-IB Threat Intelligence team recently tracked a successful attack conducted on a Russian medical company by OldGremlin, a new criminal group. The threat actor encrypted the company's entire corporate network and demanded a $50,000 ransom. It is common knowledge that Russian hackers have an unspoken rule about not working within Russia and post-Soviet countries. Yet OldGremlin, made up of Russian speakers, is actively attacking Russian companies: banks, industrial enterprises, medical organizations, software developers… According to Group-IB expert estimations, since the spring OldGremlin has conducted at least seven phishing campaigns. The hackers have impersonated the self-regulatory organization Mikrofinansirovaniye i Razvitiye (SRO MiR); a Russian metallurgical holding company; the Belarusian plant Minsk Tractor Works; a dental clinic; and the media holding company RBC.
ObservedSectors: Financial, Healthcare, Media.
Countries: Russia.
Tools usedCobalt Strike, TinyCryptor, TinyNode, TinyPosh.
Operations performedFeb 2021Old Gremlins, new methods
<https://blog.group-ib.com/oldgremlin_comeback>
Information<https://www.group-ib.com/blog/oldgremlin>
<https://www.group-ib.com/media-center/press-releases/oldgremlin-2022/>

Last change to this card: 18 November 2022

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]