Scarab

Description

(Symantec) A group of attackers, which we call Scarab, has been performing highly targeted attacks against particular Russian-speaking individuals both inside and outside of Russia since at least January 2012. In each campaign, the attackers typically target a small amount of individuals—rather than enterprises or governments—using economic, military, topical, or generic lures. On average, less than ten unique computers are infected per month and there is no indication that the attackers are trying to spread through the victim’s local network, suggesting that Scarab’s campaigns are extremely targeted in nature.

Names

Name	Name-Giver
Scarab	Symantec
UAC-0026	CERT-UA

Country

China

Motivation

Information theft and espionage

First Seen

2012

Observed Countries

Tools

Scieron

Operations

2022-03: Chinese Threat Actor Scarab Targeting Ukraine https://www.sentinelone.com/labs/chinese-threat-actor-scarab-targeting-ukraine/

Information

https://web.archive.org/web/20150124025612/http:/www.symantec.com:80/connect/blogs/scarab-attackers-took-aim-select-russian-targets-2012

Other Information

Uuid

fdce7dae-4820-43ae-b2c7-8dc50e010c6c

Last Card Change

2022-04-04

Threat Intelligence Garden

Explorer

Scarab

Scarab

Description

Names

Country

Motivation

First Seen

Observed Countries

Tools

Operations

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks