Unnamed groups: Russia
Description
These are reported APT activities attributed to a country, but not to an individual threat group.
Names
Name | Name-Giver |
---|---|
[Unnamed groups: Russia] | ? |
Country
Motivation
- Information theft and espionage
- Financial gain
- Sabotage and destruction
First Seen
2014
Observed Sectors
Observed Countries
Operations
- 2014: Yahoo hit with a Massive 500 Million Account Data Breach https://www.bleepingcomputer.com/news/business/yahoo-hit-with-a-massive-500-million-account-data-breach/
- 2018-06: Russian Attacks Against Singapore Spike During Trump-Kim Summit https://www.f5.com/labs/articles/threat-intelligence/russian-attacks-against-singapore-spike-during-trump-kim-summit
- 2022-06: Russian hackers may be behind Texas natural gas plant explosion: report https://americanmilitarynews.com/2022/06/russian-hackers-may-be-behind-texas-natural-gas-plant-explosion-report/
- 2022-10: Medibank cyber incident https://www.medibank.com.au/livebetter/newsroom/post/medibank-cyber-incident https://www.bankinfosecurity.com/medibank-hackers-dump-stolen-on-dark-web-a-20604
- 2024-07: Poland to probe Russia-linked cyberattack on state news agency https://therecord.media/poland-cyberattack-investigation-state-agency
- 2024-11: Seoul accuses pro-Kremlin hackers of attacking websites over decision to monitor North Korean troops in Ukraine https://therecord.media/seoul-accuses-pro-kremlin-hackers-of-attacking-websites-ukraine
Counter Operations
- 2017-03: US Charges Four Hackers in Yahoo 2014 Security Breach, Including Two FSB Agents https://www.bleepingcomputer.com/news/security/us-charges-four-hackers-in-yahoo-2014-security-breach-including-two-fsb-agents/
- 2022-03: Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU) https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation
- 2022-06: Russian Botnet Disrupted in International Cyber Operation https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation
- 2024-01: Australia, US, UK Sanction Russian Over 2022 Medibank Breach https://www.bankinfosecurity.com/australia-us-uk-sanction-russian-over-2022-medibank-breach-a-24163
- 2024-02: Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU) https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
- 2024-02: Russia arrests three alleged SugarLocker ransomware members https://therecord.media/russia-arrests-sugarlocker-ransomware-members
- 2024-07: Justice Department Leads Efforts Among Federal, International, and Private Sector Partners to Disrupt Covert Russian Government-Operated Social Media Bot Farm https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners
- 2024-09: Justice Department Disrupts Covert Russian Government-Sponsored Foreign Malign Influence Operation Targeting Audiences in the United States and Elsewhere https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence
- 2024-11: Russia arrests cybercriminal Wazawaka for ties with ransomware gangs https://www.bleepingcomputer.com/news/security/russia-arrests-cybercriminal-wazawaka-for-ties-with-ransomware-gangs/
- 2024-12: Russia sentences Hydra dark web market leader to life in prison https://www.bleepingcomputer.com/news/security/russia-sentences-hydra-dark-web-market-leader-to-life-in-prison/
- 2024-12: Operation “Destabilise”: NCA disrupts $multi-billion Russian money laundering networks with links to drugs, ransomware and espionage, resulting in 84 arrests https://www.nationalcrimeagency.gov.uk/news/operation-destabilise-nca-disrupts-multi-billion-russian-money-laundering-networks-with-links-to-drugs-ransomware-and-espionage-resulting-in-84-arrests https://therecord.media/operation-destabilise-money-laundering-investigation-uk-nca
- 2024-12: EU issues first-ever sanctions over ‘Russian hybrid threats’ https://therecord.media/eu-issues-sanctions-over-russia-hybrid-threats
- 2025-01: Treasury Sanctions Entities in Iran and Russia That Attempted to Interfere in the U.S. 2024 Election https://home.treasury.gov/news/press-releases/jy2766
- 2025-01: Three Russian-German Nationals Charged with Espionage for Russian Secret Service https://thehackernews.com/2025/01/three-russian-german-nationals-charged.html
- 2025-01: Cyber-attacks: three individuals added to EU sanctions list for malicious cyber activities against Estonia https://www.consilium.europa.eu/en/press/press-releases/2025/01/27/cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-malicious-cyber-activities-against-estonia/
- 2025-05: Russian hybrid threats: EU lists further 21 individuals and 6 entities and introduces sectoral measures in response to destabilising activities against the EU, its member states and international partners https://www.consilium.europa.eu/en/press/press-releases/2025/05/20/russian-hybrid-threats-eu-lists-further-21-individuals-and-6-entities-and-introduces-sectoral-measures-in-response-to-destabilising-activities-against-the-eu-its-member-states-and-international-partners/
Information
- https://www.cisa.gov/news-events/alerts/2018/03/15/russian-government-cyber-activity-targeting-energy-and-other-critical
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-116a
- https://www.cisa.gov/uscert/ncas/alerts/aa22-011a
- https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
- https://www.cisa.gov/uscert/ncas/alerts/aa22-083a
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a
- https://research.checkpoint.com/2019/russianaptecosystem/
- https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf
- https://flashpoint.io/blog/russian-apt-groups-cyber-threats/
- https://therecord.media/doppelganger-disinformation-infrastructure-european-companies
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
Other Information
Uuid
d8af7e66-0392-4082-bdb9-f7157083d079
Last Card Change
2025-06-27