Ember Bear (aka Cadet Blizzard, Bleeding Bear) · APT Atlas
Ember Bear
APT · RU · Russia
AKA: Cadet Blizzard · Bleeding Bear · Saint Bear · Lorec53 · UAC-0056
Microsoft: DEV-0586
Mandiant: UNC2589
GRU cluster responsible for WhisperGate wiper attacks on Ukraine.
Targets · 16
Sectors · 2
Threat types · 2
GIRs covered · 0/480
Active since · 2020
Victimology
Geographic footprint · 16 countries
origin · Russia
targeted countries · 16
EUROPE · 10: Austria · Belgium · Germany · Denmark · France · United Kingdom · Lithuania · Latvia · Poland · Ukraine
OCEANIA · 1: Australia
ASIA · 4: Georgia · India · Malaysia · Saudi Arabia
AMERICAS · 1: United States
Sectors targeted · 2 of 40
Government · 83 actors
Defense · 60 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
DIS · Disinformation
ESP · Espionage
MITRE ATT&CK · 47 techniques
Reconnaissance · 1
  T1589.002 · Email Addresses
Resource Development · 4
  T1583 · Acquire Infrastructure
  T1583.003 · Virtual Private Server
  T1583.006 · Web Services
  T1585 · Establish Accounts
Initial Access · 3
  T1190 · Exploit Public-Facing Application
Execution · 8
  T1047 · Windows Management Instrumentation
Credential Access · 6
  T1003 · OS Credential Dumping
Discovery · 3
  T1018 · Remote System Discovery
  T1046 · Network Service Discovery
Lateral Movement · 4
  T1021 · Remote Services
Collection · 4
  T1005 · Data from Local System
  T1119 · Automated Collection
Exfiltration · 1
  T1567.002 · Exfiltration to Cloud Storage
Impact · 1
  T1561.002 · Disk Structure Wipe
Command And Control · 4
  T1071.004 · DNS
Defense Impairment · 2
  T1112 · Modify Registry
Stealth · 6
  T1027.002 · Software Packing
  T1036 · Masquerading
  T1036.005 · Match Legitimate Resource Name or Location
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011
T1195 · Supply Chain Compromise
T1566.001 · Spearphishing Attachment
T1053.005 · Scheduled Task
T1059 · Command and Scripting Interpreter
T1059.001 · PowerShell
T1059.003 · Windows Command Shell
T1059.007 · JavaScript
T1203 · Exploitation for Client Execution
T1204.001 · Malicious Link
T1003.001 · LSASS Memory
T1003.002 · Security Account Manager
T1003.004 · LSA Secrets
T1110 · Brute Force
T1552.001 · Credentials In Files
T1654 · Log Enumeration
T1210 · Exploitation of Remote Services
T1550.002 · Pass the Hash
T1570 · Lateral Tool Transfer
T1125 · Video Capture
T1560 · Archive Collected Data
T1090.003 · Multi-hop Proxy
T1095 · Non-Application Layer Protocol
T1571 · Non-Standard Port
T1685 · Disable or Modify Tools
T1070.004 · File Deletion
T1497 · Virtualization/Sandbox Evasion
T1684.001 · Impersonation