Operation Groundbait - Threat Group Cards: A Threat Actor
Encyclopedia
Archived: 2026-04-05 18:59:09 UTC
Home > List all groups > Operation Groundbait
 APT group: Operation Groundbait
Names Operation Groundbait (ESET)
Country Ukraine
Motivation Information theft and espionage
First seen 2008
Description
(ESET) After BlackEnergy, which has, most infamously, facilitated attacks that resulted in
power outages for hundreds of thousands of Ukrainian civilians, and Operation Potao Express,
where attackers went after sensitive TrueCrypt-protected data from high value targets, ESET
researchers have uncovered another cyberespionage operation in Ukraine: Operation
Groundbait.
The main point that sets Operation Groundbait apart from the other attacks is that it has mostly
been targeting anti-government separatists in the self-declared Donetsk and Luhansk People’s
Republics.
While the attackers seem to be more interested in separatists and the self-declared
governments in eastern Ukrainian war zones, there have also been a large number of other
targets, including, among others, Ukrainian government officials, politicians and journalists.
Observed
Sectors: Government and politicians and journalists.
Countries: Ukraine.
Tools used Prikormka.
Information Last change to this card: 15 April 2020
Download this actor card in PDF or JSON format
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=38246b37-a51f-4980-800e-bc591e986073
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=38246b37-a51f-4980-800e-bc591e986073
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=38246b37-a51f-4980-800e-bc591e986073
Page 2 of 2