RU

FlyingYetiFlyingYeti

Also known as: Storm-1837 · Flying Yeti · FlyingYeti

Origin
RU
Known aliases
3

Profile

FlyingYeti is a Russia-aligned threat actor targeting Ukrainian military entities. They conduct reconnaissance activities and launch phishing campaigns using malware like COOKBOX. FlyingYeti exploits the WinRAR vulnerability CVE-2023-38831 to infect targets with malicious payloads. Cloudforce One has successfully disrupted their operations and provided recommendations for defense against their phishing campaigns.

Aliases· 3

Storm-1837Flying YetiFlyingYeti

References

  1. https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine
  2. https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
  3. https://www.cloudflare.com/threat-intelligence/research/report/disrupting-flyingyetis-campaign-targeting-ukrainev/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Void Blizzard
Actor
UAC-0099
Actor
UAC-0149
Actor
Bearlyfy
Actor
UAC-0241
Actor
YoroTrooper
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.