TEMP.Isotope (aka BERSERK BEAR, Dragonfly 2.0) · APT Atlas
TEMP.Isotope
APT
RU · Russia
AKA: BERSERK BEAR · Dragonfly 2.0
CrowdStrike: ENERGETIC BEAR
Kaspersky: Crouching Yeti
Microsoft: Ghost Blizzard
Secureworks: IRON LIBERTY
Targets: 25
Sectors: 18
Threat types: 2
GIRs covered: 0/480
Active since: 2017
Victimology
Geographic footprint · 25 countries
origin · Russia
targeted countries · 25
ASIA · 14: United Arab Emirates · Afghanistan · Armenia · Bahrain · Indonesia · Israel · Iraq · Iran · Jordan · Malaysia · Oman · Türkiye · Uzbekistan · Yemen
EUROPE · 6: Belgium · Germany · Finland · France · Netherlands · Ukraine
AMERICAS · 3: Colombia · Ecuador · Paraguay
AFRICA · 1: Algeria
OCEANIA · 1: New Zealand
Sectors targeted · 18 of 40
Government · 83 actors
Defense · 60 actors
Aerospace · 49 actors
Aviation · 19 actors
Financial Services · 61 actors
Technology · 51 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Oil and Gas · 19 actors
Education & Research · 50 actors
Manufacturing (man) · 40 actors
Media & Journalism · 41 actors
Transportation · 25 actors
Hospitality · 26 actors
Legal & Professional · 13 actors
Industrials / Engineering · 23 actors
Dissidents (as targets) · 14 actors
Maritime · 21 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
DIS · Disinformation
ESP · Espionage
MITRE ATT&CK · 38 techniques
Resource Development · 1
  T1583.003 · Virtual Private Server
Initial Access · 4
  T1189 · Drive-by Compromise
  T1190 · Exploit Public-Facing Application
  T1195.002 · Compromise Software Supply Chain
  T1566.001 · Spearphishing Attachment
Execution · 6
  T1053.005 · Scheduled Task
Persistence · 1
Credential Access · 5
  T1003.002 · Security Account Manager
  T1003.003 · NTDS
Discovery · 6
  T1012 · Query Registry
  T1016 · System Network Configuration Discovery
Lateral Movement · 2
  T1021.001 · Remote Desktop Protocol
Collection · 4
  T1005 · Data from Local System
  T1113 · Screen Capture
  T1114.002 · Remote Email Collection
  T1560 · Archive Collected Data
Command And Control · 2
  T1071.002 · File Transfer Protocols
Defense Impairment · 2
  T1112 · Modify Registry
Stealth · 5
  T1036.010 · Masquerade Account Name
  T1070.004 · File Deletion
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011
T1059 · Command and Scripting Interpreter
T1059.001 · PowerShell
T1059.003 · Windows Command Shell
T1059.006 · Python
T1203 · Exploitation for Client Execution
T1547.001 · Registry Run Keys / Startup Folder
T1003.004 · LSA Secrets
T1110 · Brute Force
T1187 · Forced Authentication
T1018 · Remote System Discovery
T1033 · System Owner/User Discovery
T1083 · File and Directory Discovery
T1135 · Network Share Discovery
T1210 · Exploitation of Remote Services
T1105 · Ingress Tool Transfer
T1686 · Disable or Modify System Firewall
T1078 · Valid Accounts
T1221 · Template Injection
T1564.002 · Hidden Users