The activity of the Calypso group was first revealed by specialists of the PT Expert Security Center in March 2019, during work to detect cyber threats. The group has been active at least since September 2016. The group's main objective is to steal confidential data and its main victims are public institutions of Brazil, India, Kazakhstan, Russia, Thailand and Turkey.
LuckyMouse · Emissary Panda · APT27 · Iron Tiger · TG-3390 · TEMP.Hippo · Group 35 · ZipToken
Bronze Union is an APT group that has been active since at least 2010. Researchers all agree that the group originated in China. For initial penetration it widely uses watering hole techniques (infecting websites that its victims visit), as well as phishing and network service vulnerabilities. The group specializes in cyber-espionage, primarily in networks of government agencies, defense enterprises and political organizations. In 2020, some researchers (including specialists from the PT Expert Security Center) suggested that the group had become financially motivated.
BlueTraveller
The cyber-espionage group TaskMasters was discovered in 2018 by PT Expert Security Center specialists. The group has been active at least since 2010. The targeted organizations include major industrial and energy enterprises, public structures, and transport companies. The group attacks companies of various countries, although most victims are in Russia and CIS countries.
EvilCorp · ATK 103 · SectorJ04 · Hive0065 · GRACEFUL SPIDER · GOLD TAHOE · Dudear · CHIMBORAZO
The activity of the TA505 group was first discovered and described in 2014, but the group itself is believed to have been around since 2006. The group's victims feature companies from various sectors around the world. The group employs a wide range of tools, designed to handle any task. Phishing is the main means applied to penetrate an infrastructure. It finds its victims all over the world, avoiding the CIS. According to researchers, the group is presumed to be Russian-speaking. TA505 follows the latest trends, using the COVID-19 theme and ZeroLogon vulnerability in its attacks.
The Silence cybercrime group appeared in 2016 and attacked organizations in the credit and financial sector, mainly in Russia. The group's objective is to steal cash from hacked ATMs, card processing and AWS-CBR. Since 2018, the group has expanded the geography of its attacks and now attacks organizations all over the world. In some attacks, the group used tools from the TA505 group, which may indicate their cooperation.
The RTM cybercrime group began its activity in 2015. It attacks organizations from various sectors to steal cash from accounts, confidential documents and accounts. The group uses malware that it develops itself. The group's malware does not have a static control server; it obtains the control server through the blockchain.
Cobalt Gang · Cobalt Spider
The Cobalt cybercrime group has been active since 2016. It attacks lending and finance organizations to steal money by breaking into ATMs, card processing and various payment systems (such as SWIFT and the Automated Workstation Client of the Russian Central Bank (AWS-CBR)). It is assumed that several group members were once part of the earlier Carbanak group. According to FinCERT, in 2017, losses from Cobalt attacks in Russia exceeded RUB 1 billion. The group continued its activity even after the arrest of one of the group's leaders in 2018. One of the largest-scale hacks in which the group was involved targeted the Unistream fast payments system.