🇷🇺

DEV-0586

APT Group, Sabotage and destruction, Information theft and espionage, 4 zero-day CVEs, ETDA ✓

Also Known As 2 names

Cadet Blizzard, Ruinous Ursa

Target Countries 11

Estonia, United Kingdom, Georgia, Lithuania, Latvia, Republic of Moldova, Poland, Ukraine, United States, Uruguay, Uzbekistan

Details

Origin: 🇷🇺 RU
Last Updated: 23 Jul 2022

MITRE ATT&CK 71

T1003 - OS Credential Dumping, T1003.001, T1003.002, T1003.004, T1005, T1018, T1021, T1036, T1036.005, T1046 - Network Service Scanning, T1047, T1053, T1053.005, T1059 - Command and Scripting Interpreter, T1059.001, T1070, T1070.004, T1071 - Application Layer Protocol, T1071.004, T1078 - Valid Accounts, T1078.001, T1078.003, T1090 - Proxy, T1090.003, T1095 - Non-Application Layer Protocol, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.003, T1112, T1114 - Email Collection, T1119, T1125 - Video Capture, T1133, T1134, T1190 - Exploit Public-Facing Application, T1195, T1203, T1210, T1213 - Data from Information Repositories, T1485 - Data Destruction, T1486, T1491, T1491.002, T1505 - Server Software Component, T1505.003, T1550 - Use Alternate Authentication Material, T1550.002, T1552 - Unsecured Credentials, T1552.001, T1560 - Archive Collected Data, T1561, T1561.002, T1562, T1562.001, T1567 - Exfiltration Over Web Service, T1567.002, T1570, T1571, T1572 - Protocol Tunneling, T1583 - Acquire Infrastructure, T1583.003, T1585, T1588 - Obtain Capabilities, T1588.001, T1588.005, T1590 - Gather Victim Network Information, T1595 - Active Scanning, T1595.001, T1595.002, T1596 - Search Open Technical Databases, T1654