G0078

The Gorgon Group

Also known as: Gorgon Group · Subaat · ATK92 · G0078 · Pasty Gemini · The Gorgon Group

Known aliases
6

Profile

Unit 42 researchers have been tracking Subaat, an attacker, since 2017. Recently Subaat drew our attention due to renewed targeted attack activity. Part of monitoring Subaat included realizing the actor was possibly part of a larger crew of individuals responsible for carrying out targeted attacks against worldwide governmental organizations. Technical analysis on some of the attacks as well as attribution links with Pakistan actors have been already depicted by 360 and Tuisec, in which they found interesting connections to a larger group of attackers Unit 42 researchers have been tracking, which we are calling Gorgon Group.

Aliases · 6

Gorgon Group · Subaat · ATK92 · Pasty Gemini · The Gorgon Group · G0078

MITRE ATT&CK Group crosswalk

G0078

References

  1. https://unit42.paloaltonetworks.com/unit42-gorgon-group-slithering-nation-state-cybercrime/
  2. https://unit42.paloaltonetworks.com/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/
  3. https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/
  4. https://attack.mitre.org/groups/G0078/
  5. https://unit42.paloaltonetworks.com/atoms/pastygemini/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Group: Gorgon Group
Actor: Gamaredon Group
Group: APT41
Actor: Attor
Actor: TA402
Actor: APT42

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.