
Frequent freeloader: Russian actor using tools of other groups to attack Ukraine

· Published 13/12/2024 13:28 · Modified 13/12/2024 19:00


Essential information

Tags
2024-12-13, amadey, kazuarv2, secret blizzard, ukraine
Related entities
1 intrusion sets (apt), 20 techniques (mitre), 3 malware, 3 others

Description

Russian nation-state actor Secret Blizzard has been observed using tools and infrastructure from other threat actors to compromise targets in Ukraine. Between March and April 2024, Secret Blizzard utilized the Amadey bot malware associated with cybercriminal activity to deploy its custom Tavdig and KazuarV2 backdoors on Ukrainian military devices. In January 2024, Secret Blizzard also leveraged a backdoor from Storm-1837, a Russia-based threat actor targeting Ukrainian drone pilots, to install its malware. This approach highlights Secret Blizzard's strategy of diversifying attack vectors and prioritizing access to military targets in Ukraine. The actor employs various techniques including strategic web compromises, adversary-in-the-middle campaigns, and spear-phishing for initial access.

External references