🇷🇺
Unit 29155
APT Group
Sabotage and destruction
Information theft and espionage
3 zero-day CVEs
ETDA ✓
Also Known As
No alias recorded
Target Countries 42
Afghanistan
Armenia
Australia
Azerbaijan
Bulgaria
Canada
Switzerland
China
Czech Republic
Germany
Estonia
Spain
France
United Kingdom
Georgia
Greece
Israel
India
Iceland
Italy
Jordan
Kyrgyzstan
Lebanon
Lithuania
Luxembourg
Latvia
Republic of Moldova
Montenegro
Netherlands
Poland
Portugal
Qatar
Romania
Sweden
Slovakia
Swaziland
Tajikistan
Turkmenistan
Turkey
Ukraine
United States
Uzbekistan
Sectors Targeted
Information (NAICS 51)
National Security and International Affairs (NAICS 928)
Telecommunications (NAICS 517)
Periodical Publishers (NAICS 51112)
Health Care and Social Assistance (NAICS 62)
National Security and International Affairs (NAICS 928110)
Law enforcement
Public Administration (NAICS 92)
IT
Commercial Banking (NAICS 52211)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
NGOs
NAICS:48
Utilities (NAICS 22)
Publishing Industries (except Internet) (NAICS 511)
Finance and Insurance (NAICS 52)
Government
Insurance Carriers and Related Activities (NAICS 524)
Details
Origin
🇷🇺 RU
Last Updated
02 Jun 2025
Malware Families 2
saint_bot
pas
MITRE ATT&CK 94
T1003
T1003.001
T1003.001-OS Credential Dumping
T1003.002
T1003.002-OS Credential Dumping
T1003.004
T1005
T1018
T1021
T1036
T1036.005
T1046
T1046-Network Service Discovery
T1047
T1053
T1053.005
T1059
T1059.001
T1059.001-Command and Scripting Interpreter
T1070
T1070.004
T1071
T1071.001-Application Layer Protocol
T1071.004
T1071.004-Application Layer Protocol
T1078
T1078.001
T1078.001-Valid Accounts
T1090
T1090.003
T1090.003-Proxy
T1095
T1095-Non Application Layer Protocol
T1105-Ingress Tool Transfer
T1110
T1110.003
T1110.003-Brute Force
T1112
T1114
T1114-Email Collection
T1119
T1125
T1125-Video Capture
T1133
T1190
T1190-Exploit Public
T1195
T1203
T1210
T1213.001-Data from Information Repositories
T1485-Data Destruction
T1491
T1491.002
T1505
T1505.003
T1505.003-Server Software Component
T1550
T1550.002
T1550.002-Use Alternate Authentication Material
T1552
T1552.001
T1552.001-Unsecured Credentials
T1560
T1560-Archive Collected Data
T1561
T1561.002
T1562
T1562.001
T1567
T1567.002
T1567.002-Exfiltration Over Web Service
T1570
T1571
T1572
T1572-Protocol Tunneling
T1583
T1583.003
T1583.003-Acquire Infrastructure
T1585
T1588
T1588.001
T1588.001-Obtain Capabilities
T1588.005
T1588.005-Obtain Capabilities
T1590.002-Gather Victim Network Information
T1595
T1595-Active Scanning
T1595.001
T1595.001-Scanning IP Blocks
T1595.002
T1595.002-Vulnerability Scanning
T1596.005-Search Open Technical Databases
T1654
T1654-Log Enumeration