Winter Vivern
Winter Vivern is a cyber intrusion set named by DomainTools researchers after a string ('wintervivern') found in the command-and-control beacon URL for the group's malware.
Researchers from SentinelOne identified activity by the group targeting government organisations in Ukraine, Poland, Lithuania, India, Italy, the Vatican, and Slovakia.
The group shows overlap with UAC-0114, and its motivations align with those of the Russian and Belarusian governments.
Winter Vivern Threat Reports
Winter Vivern: Uncovering a Wave of Global Espionage
SentinelLabs conducted an investigation into the Winter Vivern Advanced Persistent Threat (APT) group, in part leveraging observations made by The ...
Winter Vivern: A Look At Re-Crafted Government MalDocs Targeting Multiple Languages
This report by DomainTools researchers identifies a cyber threat group they call "Winter Vivern". The report describes malicious Excel macros used ...
Winter Vivern – all Summer
This report by researchers from Lab52 details an infection campaign which they attribute to Winter Vivern. The report provides technical analysis ...