
Winter Vivern

Also known as: UAC-0114 · TA473 · TAG-70 · TA-473 · Winter Vivern

Origin: RU
Known aliases: 5

Profile

Winter Vivern is a cyberespionage group first revealed by DomainTools in 2021. It is thought to have been active since at least 2020 and it targets governments in Europe and Central Asia. To compromise its targets, the group uses malicious documents, phishing websites, and a custom PowerShell backdoor.

Aliases · 5

  • UAC-0114
  • TA473
  • TAG-70
  • TA-473
  • Winter Vivern

Known victims · 1

  • Germany

References

  1. https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/
  2. https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs
  3. https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
  4. https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
  5. https://socprime.com/blog/uac-0114-group-aka-winter-vivern-attack-detection-hackers-launch-malicious-phishing-campaigns-targeting-government-entities-of-ukraine-and-poland/
  6. https://cybersecuritynews.com/russian-hackers-xss-flaw/
  7. https://www.recordedfuture.com/russia-aligned-tag-70-targets-european-government-and-military-mail
  8. https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Threat-Intelligence/Aktive_APT-Gruppen/aktive-apt-gruppen_node.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • Void Blizzard (Actor)
  • GOLD WINTER (Actor)
  • Vanilla Tempest (Actor)
  • TEMP.Veles (Actor)
  • UAC-0226 (Actor)
  • UAC-0063 (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.