
Anomali Threat Research Provides Russian Cyber Activity Dashboard

Russian threat actors recently increased their malicious cyber activities, which are aligned with Russia’s attack on Ukraine.

Anomali Threat Research
February 24, 2022
Russian government-sponsored threat actors recently increased their malicious activities [1], aligned with Russia’s attack on Ukraine in February 2022.

Russian retaliation for the economic and diplomatic sanctions imposed by many other countries poses a significant risk of further escalation in the cyber sphere. Russian government-sponsored groups are well-resourced and relentless; their operations include espionage, attacks on critical infrastructure, data destruction, and other malicious activity.

To assist our customers, Anomali has released a ThreatStream dashboard focused on Russian-origin actors and Russian cyber activity, titled “Russian Cyber Activity.”

The Anomali Threat Research team preconfigured this custom dashboard to give immediate visibility into all known Russian government-related indicators of compromise (IOCs) available through the commercial and open-source threat feeds that users manage on Anomali ThreatStream. Coverage therefore depends on which feeds a given ThreatStream tenant has enabled.

“Russian Cyber Activity” focuses on seven threat actor groups. Six are well-known Russian advanced persistent threat (APT) groups: Berserk Bear, Cozy Bear (APT29), Fancy Bear (APT28), Gamaredon (Primitive Bear), Turla (Venomous Bear), and Voodoo Bear (Sandworm).

The seventh is Evil Corp (also tracked as Indrik Spider; the group behind Dridex). Although typically financially motivated, its leader is known to work for Russia’s Federal Security Service (FSB) and has conducted cyber operations on behalf of the Russian government [2].

Anomali customers using ThreatStream, Match, and Lens can immediately match these IOCs against their environments and consume threat bulletins containing machine-readable IOCs. This lets analysts operationalize the threat intelligence across their security infrastructure and tell stakeholders whether, and how, they have been affected.

Anomali recently added thematic dashboards that respond to significant global events, as part of ongoing product enhancements that automate and speed up essential tasks performed by threat intelligence and security operations analysts. In addition to “Russian Cyber Activity,” ThreatStream customers currently have access to the other dashboards announced in our recent quarterly product release.

Customers can add the “Russian Cyber Activity” dashboard, among others, from the “+ Add Dashboard” tab in the ThreatStream console:

[Screenshot: https://cdn.filestackcontent.com/AHxjuV5pQcCAleAURriD]

Endnotes

[1] “Attack on Ukrainian Government Websites Linked to GRU Hackers,” Bellingcat Investigation Team, published February 23, 2022, accessed February 24, 2022, https://www.bellingcat.com/news/2022/02/23/attack-on-ukrainian-government-websites-linked-to-russian-gru-hackers/; Joe Tidy, “Ukraine crisis: 'Wiper' discovered in latest cyber-attacks,” BBC News, published February 24, 2022, accessed February 24, 2022, https://www.bbc.com/news/technology-60500618.

[2] “Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware,” U.S. Department of the Treasury, published December 5, 2019, accessed February 24, 2022, https://home.treasury.gov/news/press-releases/sm845.
Anomali Threat Research

Anomali's Threat Research team continually tracks security threats to identify when new, highly critical security threats emerge. The Anomali Threat Research team's briefings discuss current threats and risks like botnets, data breaches, misconfigurations, ransomware, threat groups, and various vulnerabilities. The team also creates free and premium threat intelligence feeds for Anomali's industry-leading Threat Intelligence Platform, ThreatStream.


