SYMBOLCOMMON_NAMEaka. SYNONYMS

SaintBear  (Back to overview)

aka: DEV-0587, FROZENVISTA, Lorec53, Nascent Ursa, Nodaria, Saint Bear, Storm-0587, TA471, UAC-0056, UNC2589

A group targeting UA state organizations using the GraphSteel and GrimPlant malware.


Associated Families
win.graphiron

References
2023-06-14MicrosoftMicrosoft Threat Intelligence
Cadet Blizzard emerges as a novel and distinct Russian threat actor
p0wnyshell reGeorg WhisperGate DEV-0586 SaintBear
2023-05-16SecureworksCounter Threat Unit ResearchTeam
The Growing Threat from Infostealers
Graphiron GraphSteel Raccoon RedLine Stealer Rhadamanthys Taurus Stealer Vidar
2023-04-12circleidWhoisXML API
Probing Lorec53 Phishing through the DNS Microscope
SaintBear
2023-02-16GoogleShane Huntley
Fog of war: how the Ukraine conflict transformed the cyber threat landscape
APT28 Ghostwriter SaintBear Sandworm Turla
2023-02-08BroadcomThreat Hunter Team
Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine
Graphiron SaintBear
2022-07-18Palo Alto Networks Unit 42Unit 42
Nascent Ursa
Saint Bot SaintBear
2022-04-07MalpediaMalpedia
Malpedia Page for GraphSteel
GraphSteel SaintBear
2022-04-04IntezerJoakim Kennedy, Nicole Fishbein
Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations
GraphSteel GrimPlant SaintBear
2022-04-01MalwarebytesAnkur Saini, Hossein Jazi, Roberto Santos
New UAC-0056 activity: There’s a Go Elephant in the room
GrimPlant SaintBear
2022-03-28Cert-UACert-UA
UAC-0056 cyberattack on Ukrainian state authorities using GraphSteel and GrimPlant malware (CERT-UA#4293)
GraphSteel GrimPlant SaintBear
2022-03-15SentinelOneAmitai Ben Shushan Ehrlich
Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software
Cobalt Strike GraphSteel GrimPlant SaintBear
2021-11-23NSFOCUSNSFOCUS
2021 Analysis Report on Lorec53 Group
SaintBear

Credits: MISP Project