DEV-0586 (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

DEV-0586 (Back to overview)

aka: Cadet Blizzard, Ruinous Ursa

MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware (WhisperGate), which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.

Associated Families

There are currently no families associated with this actor.

References

2023-06-14 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Cadet Blizzard emerges as a novel and distinct Russian threat actor
p0wnyshell reGeorg WhisperGate DEV-0586 SaintBear

2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Ruinous Ursa
WhisperGate DEV-0586

2022-02-28 ⋅ Microsoft ⋅ MSRC Team
Cyber threat activity in Ukraine: analysis and resources
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586

2022-01-15 ⋅ Microsoft ⋅ Microsoft, Microsoft 365 Defender Threat Intelligence Team, Microsoft Detection and Response Team (DART), Microsoft Digital Security Unit (DSU), Microsoft Security Intelligence
Destructive malware targeting Ukrainian organizations (DEV-0586)
WhisperGate DEV-0586

Credits: MISP Project