
SaintBear  (Back to overview)

aka: UNC2589, TA471, UAC-0056, Nascent Ursa, Nodaria, FROZENVISTA

A threat group that targets Ukrainian (UA) state organizations with the GraphSteel and GrimPlant malware.


Associated Families
win.graphiron

References
2023-05-16 | Secureworks | Counter Threat Unit ResearchTeam
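% Vendor research post on infostealers. The author is a team, so the name
% carries an extra pair of braces and is treated as one unit instead of
% being split into given and family parts.
@online{researchteam:20230516:growing:c703021,
  author       = {{Counter Threat Unit ResearchTeam}},
  title        = {The Growing Threat from Infostealers},
  date         = {2023-05-16},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/research/the-growing-threat-from-infostealers},
  language     = {English},
  urldate      = {2023-07-31},
}
The Growing Threat from Infostealers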
Graphiron GraphSteel Raccoon RedLine Stealer Rhadamanthys Taurus Stealer Vidar
2023-02-16 | Google | Shane Huntley
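% Threat Analysis Group overview of activity around the Ukraine conflict.
% Only the proper noun in the title is brace-protected, so a bibliography
% style can still apply its own casing to the rest.
@online{huntley:20230216:fog:de676ba,
  author       = {Huntley, Shane},
  title        = {Fog of war: how the {Ukraine} conflict transformed the cyber threat landscape},
  date         = {2023-02-16},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/},
  language     = {English},
  urldate      = {2023-02-16},
}
Fog of war: how the Ukraine conflict transformed the cyber threat landscape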
APT28 Ghostwriter SaintBear Sandworm Turla
2023-02-08 | Broadcom | Threat Hunter Team
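% Vendor write-up on the Graphiron information stealer. The author is a
% team, so the name carries an extra pair of braces and is not parsed as
% a personal name. The malware name and proper nouns in the title are
% brace-protected individually.
@online{team:20230208:graphiron:64d8665,
  author       = {{Threat Hunter Team}},
  title        = {{Graphiron}: New {Russian} Information Stealing Malware Deployed Against {Ukraine}},
  date         = {2023-02-08},
  organization = {Broadcom},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer},
  language     = {English},
  urldate      = {2023-02-13},
}
Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine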
Graphiron SaintBear
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
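% Vendor actor profile. The author is a team: without the extra braces the
% name would be parsed as given name Unit and family name 42. The title is
% a proper name in its entirety, so it stays fully brace-protected.
@online{42:20220718:nascent:4d2484b,
  author       = {{Unit 42}},
  title        = {{Nascent Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/nascentursa/},
  language     = {English},
  urldate      = {2022-07-25},
}
Nascent Ursa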
Saint Bot SaintBear
2022-04-07 | Malpedia | Malpedia
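% Malpedia family page for GraphSteel. The author is an organisation, so
% the name carries an extra pair of braces. The site and malware names in
% the title are brace-protected individually.
@online{malpedia:20220407:malpedia:9d3108e,
  author       = {{Malpedia}},
  title        = {{Malpedia} Page for {GraphSteel}},
  date         = {2022-04-07},
  organization = {Malpedia},
  url          = {https://malpedia.caad.fkie.fraunhofer.de/details/win.graphsteel},
  language     = {English},
  urldate      = {2022-05-05},
}
Malpedia Page for GraphSteel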
GraphSteel SaintBear
2022-04-04 | Intezer | Joakim Kennedy, Nicole Fishbein
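% Vendor analysis of the Elephant framework used in phishing against
% Ukrainian organizations. Author names are in the unambiguous
% family-name-first form. Only the framework name and the proper noun in
% the title are brace-protected.
@online{kennedy:20220404:elephant:b2c14b1,
  author       = {Kennedy, Joakim and Fishbein, Nicole},
  title        = {{Elephant} Framework Delivered in Phishing Attacks Against {Ukrainian} Organizations},
  date         = {2022-04-04},
  organization = {Intezer},
  url          = {https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs/},
  language     = {English},
  urldate      = {2022-04-07},
}
Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations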
GraphSteel GrimPlant SaintBear
2022-04-01 | Malwarebytes | Ankur Saini, Roberto Santos, Hossein Jazi
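% Vendor report on UAC-0056 activity. Author names are in the unambiguous
% family-name-first form. The actor designation and product names in the
% title are brace-protected individually. The typographic apostrophe is
% kept as published and needs a UTF-8 aware toolchain (biblatex with Biber).
@online{saini:20220401:new:273cbe0,
  author       = {Saini, Ankur and Santos, Roberto and Jazi, Hossein},
  title        = {New {UAC-0056} activity: There’s a {Go} {Elephant} in the room},
  date         = {2022-04-01},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/},
  language     = {English},
  urldate      = {2022-04-05},
}
New UAC-0056 activity: There’s a Go Elephant in the room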
GrimPlant SaintBear
2022-03-28 | Cert-UA | Cert-UA
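% National CERT advisory on UAC-0056 (Ukrainian-language source). The
% author is an organisation, so the name carries an extra pair of braces.
% The hash sign in the advisory number is escaped so LaTeX does not read
% it as a macro parameter character when the title is typeset.
@online{certua:20220328:uac0056:46919e1,
  author       = {{Cert-UA}},
  title        = {{UAC-0056} cyberattack on {Ukrainian} state authorities using {GraphSteel} and {GrimPlant} malware ({CERT-UA}\#4293)},
  date         = {2022-03-28},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/38374},
  language     = {Ukrainian},
  urldate      = {2022-03-31},
}
UAC-0056 cyberattack on Ukrainian state authorities using GraphSteel and GrimPlant malware (CERT-UA#4293)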
GraphSteel GrimPlant SaintBear
2022-03-15 | SentinelOne | Amitai Ben Shushan Ehrlich
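% Vendor report on UAC-0056 using fake translation software as a lure.
% The author is written family-name-first; Ehrlich is taken as the family
% name because the citation key uses it (confirm against the source).
% The actor designation and proper noun in the title are brace-protected.
@online{ehrlich:20220315:threat:7f64477,
  author       = {Ehrlich, Amitai Ben Shushan},
  title        = {Threat Actor {UAC-0056} Targeting {Ukraine} with Fake Translation Software},
  date         = {2022-03-15},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/threat-actor-uac-0056-targeting-ukraine-with-fake-translation-software/},
  language     = {English},
  urldate      = {2022-03-17},
}
Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software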
Cobalt Strike GraphSteel GrimPlant SaintBear

Credits: MISP Project