Common Information
Type | Value |
---|---|
Value | Winterflounder |
Category | Actor |
Type | Threat-Actor |
Misp Type | Cluster |
Description | Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities. |
Details | | Published | Attributes | CTI | Title |
---|---|---|---|---|---|
Details | Website | 2022-08-15 | 70 | | Disrupting SEABORGIUM’s ongoing phishing operations - Microsoft Security Blog |
Details | Website | 2022-08-15 | 1 | | Disrupting SEABORGIUM’s ongoing phishing operations \| Microsoft Security Blog |
Details | Website | 2022-08-15 | 144 | | Shuckworm: Russia-Linked Group Maintains Ukraine Focus |
Details | Website | 2022-07-17 | 47 | | Resecurity \| Shortcut-based (LNK) attacks delivering malicious code on the rise |
Details | Website | 2022-06-22 | 47 | | A close look at the advanced techniques used in a Malaysian-focused APT campaign — Elastic Security Labs |
Details | Website | 2022-06-21 | 56 | | Playing defense against Gamaredon Group — Elastic Security Labs |
Details | Website | 2022-06-06 | 56 | | Growling Bears Make Thunderous Noise |
Details | Website | 2022-05-20 | 5 | | Threat Group Naming Schemes In Cyber Threat Intelligence |
Details | Website | 2022-04-20 | 12 | | Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine |
Details | Website | 2022-03-03 | 22 | | A Closer Look at the Russian Actors Targeting Organizations in Ukraine |
Details | Website | 2022-02-28 | 18 | | Cyber threat activity in Ukraine: analysis and resources – Microsoft Security Response Center |
Details | Website | 2022-02-27 | 1 | | Curated Intelligence Stands With Ukraine |
Details | Website | 2022-02-23 | 1 | | These new hacking groups are striking industrial, operational tech targets |
Details | Website | 2022-02-22 | 26 | | Russia-Ukraine Cyberattacks (Updated): How to Protect Against Related Cyberthreats Including DDoS, HermeticWiper, Gamaredon, Website Defacement, Phishing and Scams |
Details | Website | 2022-02-10 | 6 | | Cyber Espionage and Information Warfare in Russia \| Small Wars Journal |
Details | Website | 2022-01-31 | 415 | | Shuckworm Continues Cyber-Espionage Attacks Against Ukraine |
Details | Website | 2021-11-16 | 15 | | Avast Q3’21 Threat Report - Avast Threat Labs |
Details | Website | 2021-11-05 | 0 | | Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group |
Details | Website | 2021-10-25 | 7 | | Russian cyber attack campaigns and actors |
Details | Website | 2021-09-30 | 0 | | ESET Threat Report T2 2021 \| WeLiveSecurity |
Details | Website | 2021-02-23 | 28 | | Gamaredon - When nation states don’t pay all the bills |
Details | Website | 2021-01-18 | 51 | | Gamaredon: Docx Template-Injection |
Details | Website | 2020-07-30 | 112 | | Operation (노스 스타) North Star A Job Offer That’s Too Good to be True? \| McAfee Blog |
Details | Website | 2020-06-25 | 38 | | Leviathan APT campaign in 2020 Malaysian political crisis |
Details | Website | 2020-06-18 | 76 | | Digging up InvisiMole’s hidden arsenal \| WeLiveSecurity |