
Frequent freeloader: Russian actor using tools of other groups to attack Ukraine

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

Russian nation-state actor Secret Blizzard has been observed using tools and infrastructure from other threat actors to compromise targets in Ukraine. Between March and April 2024, Secret Blizzard utilized the Amadey bot malware associated with cybercriminal activity to deploy its custom Tavdig and KazuarV2 backdoors on Ukrainian military devices. In January 2024, Secret Blizzard also leveraged a backdoor from Storm-1837, a Russia-based threat actor targeting Ukrainian drone pilots, to install its malware. This approach highlights Secret Blizzard's strategy of diversifying attack vectors and prioritizing access to military targets in Ukraine. The actor employs various techniques including strategic web compromises, adversary-in-the-middle campaigns, and spear-phishing for initial access.

OPENCTI LABELS :

ukraine,amadey,secret blizzard,kazuarv2


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE : Use the public read-only username and password from the login page banner.


Frequent freeloader: Russian actor using tools of other groups to attack Ukraine