DEV-0586  (Back to overview)

aka: Cadet Blizzard, Ruinous Ursa

MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware (WhisperGate), which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.

Associated Families

There are currently no families associated with this actor.

2023-06-14MicrosoftMicrosoft Threat Intelligence
Cadet Blizzard emerges as a novel and distinct Russian threat actor
p0wnyshell reGeorg WhisperGate DEV-0586 SaintBear
2022-07-18Palo Alto Networks Unit 42Unit 42
Ruinous Ursa
WhisperGate DEV-0586
2022-02-28MicrosoftMSRC Team
Cyber threat activity in Ukraine: analysis and resources
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586
2022-01-15MicrosoftMicrosoft, Microsoft 365 Defender Threat Intelligence Team, Microsoft Detection and Response Team (DART), Microsoft Digital Security Unit (DSU), Microsoft Security Intelligence
Destructive malware targeting Ukrainian organizations (DEV-0586)
WhisperGate DEV-0586

Credits: MISP Project