A group targeting Ukrainian state organizations using the GraphSteel and GrimPlant malware.
Also known as
UNC2589, TA471, UAC-0056, Nascent Ursa, Nodaria, FROZENVISTA, Storm-0587, DEV-0587, Saint Bear, Lorec53, EMBER BEAR, Lorec Bear, Bleeding Bear, Cadet Blizzard.
References
- malpedia.caad.fkie.fraunhofer.de
- cert.gov.ua
- blog.malwarebytes.com
- intezer.com
- sentinelone.com
- unit42.paloaltonetworks.com
- symantec-enterprise-blogs.security.com
- blog.google
- microsoft.com
- circleid.com
- nsfocusglobal.com
- crowdstrike.com
Actor metadata imported from Malpedia (Fraunhofer FKIE).