C0026

C0026C0026

ATT&CK
14.1
References
2

Description

[C0026](https://attack.mitre.org/campaigns/C0026) was a campaign identified in September 2022 that included the selective distribution of [KOPILUWAK](https://attack.mitre.org/software/S1075) and [QUIETCANARY](https://attack.mitre.org/software/S1076) malware to previous [ANDROMEDA](https://attack.mitre.org/software/S1074) malware victims in Ukraine through re-registered [ANDROMEDA](https://attack.mitre.org/software/S1074) C2 domains. Several tools and tactics used during [C0026](https://attack.mitre.org/campaigns/C0026) were consistent with historic [Turla](https://attack.mitre.org/groups/G0010) operations.(Citation: Mandiant Suspected Turla Campaign February 2023)

References

  1. https://attack.mitre.org/campaigns/C0026
  2. https://www.mandiant.com/resources/blog/turla-galaxy-opportunity

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
ANDROMEDA
Campaign
C0027
Actor
UAC-0226
Campaign
2016 Ukraine Electric Power Attack
Campaign
C0017
Campaign
C0021
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.