{ "id": "281d4a58-f69d-4105-b154-c776bf1d7260", "created_at": "2026-04-06T00:06:06.271213Z", "updated_at": "2026-04-10T13:11:31.653881Z", "deleted_at": null, "sha1_hash": "84789a81a8b976c40e5d83f1466af9b63972fcdf", "title": "[Unnamed groups: Russia] - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 80626, "plain_text": "[Unnamed groups: Russia] - Threat Group Cards: A Threat Actor\nEncyclopedia\nArchived: 2026-04-05 20:54:22 UTC\nHome \u003e List all groups \u003e [Unnamed groups: Russia]\n APT group: [Unnamed groups: Russia]\nNames [Unnamed groups: Russia] (?)\nCountry Russia\nMotivation Information theft and espionage, Financial gain, Sabotage and destruction\nFirst seen 2014\nDescription\nThese are reported APT activities attributed to a country, but not to an individual\nthreat group.\nObserved\nSectors: Financial.\nCountries: Australia, Singapore, USA and Worldwide.\nTools used\nOperations performed\n2014\nYahoo hit with a Massive 500 Million Account Data Breach\nJun 2018\nRussian Attacks Against Singapore Spike During Trump-Kim Summit\nJun 2022\nRussian hackers may be behind Texas natural gas plant explosion:\nreport\nOct 2022\nMedibank cyber incident\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d8af7e66-0392-4082-bdb9-f7157083d079\nPage 1 of 4\n\nJul 2024\nPoland to probe Russia-linked cyberattack on state news agency\nNov 2024\nSeoul accuses pro-Kremlin hackers of attacking websites over decision\nto monitor North Korean troops in Ukraine\nApr 2025\nPro-Russian hackers blamed for water dam sabotage in Norway\nCounter operations\nMar 2017\nUS Charges Four Hackers in Yahoo 2014 Security Breach, Including\nTwo FSB Agents\nMar 2022\nJustice Department Announces Court-Authorized Disruption of Botnet\nControlled by the Russian Federation’s Main Intelligence Directorate\n(GRU)\nJun 2022\nRussian Botnet Disrupted in International Cyber Operation\nJan 2024\nAustralia, US, UK Sanction Russian Over 2022 Medibank Breach\nFeb 2024\nJustice Department Conducts Court-Authorized Disruption of Botnet\nControlled by the Russian Federation’s Main Intelligence Directorate\nof the General Staff (GRU)\nFeb 2024\nRussia arrests three alleged SugarLocker ransomware members\nJul 2024 Justice Department Leads Efforts Among Federal, International, and\nPrivate Sector Partners to Disrupt Covert Russian Government-Operated Social Media Bot Farm\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d8af7e66-0392-4082-bdb9-f7157083d079\nPage 2 of 4\n\nSep 2024\nJustice Department Disrupts Covert Russian Government-Sponsored\nForeign Malign Influence Operation Targeting Audiences in the United\nStates and Elsewhere\nNov 2024\nRussia arrests cybercriminal Wazawaka for ties with ransomware\ngangs\nDec 2024\nRussia sentences Hydra dark web market leader to life in prison\nDec 2024\nOperation “Destabilise”\nOperation Destabilise: NCA disrupts $multi-billion Russian money\nlaundering networks with links to, drugs, ransomware and espionage,\nresulting in 84 arrests\nDec 2024\nEU issues first-ever sanctions over ‘Russian hybrid threats’\nJan 2025\nTreasury Sanctions Entities in Iran and Russia That Attempted to\nInterfere in the U.S. 2024 Election\nJan 2025\nThree Russian-German Nationals Charged with Espionage for Russian\nSecret Service\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d8af7e66-0392-4082-bdb9-f7157083d079\nPage 3 of 4\n\nJan 2025\nCyber-attacks: three individuals added to EU sanctions list for\nmalicious cyber activities against Estonia\nMay 2025\nRussian hybrid threats: EU lists further 21 individuals and 6 entities\nand introduces sectoral measures in response to destabilising activities\nagainst the EU, its member states and international partners\nJul 2025\nUK sanctions Russian spies at the heart of Putin’s malicious regime\nInformation\nLast change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d8af7e66-0392-4082-bdb9-f7157083d079\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d8af7e66-0392-4082-bdb9-f7157083d079\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d8af7e66-0392-4082-bdb9-f7157083d079" ], "report_names": [ "showcard.cgi?u=d8af7e66-0392-4082-bdb9-f7157083d079" ], "threat_actors": [ { "id": "f6f95b20-4c86-4e09-b82d-c9ef72fed729", "created_at": "2024-03-12T02:02:11.297739Z", "updated_at": "2026-04-10T02:00:04.991462Z", "deleted_at": null, "main_name": "[Unnamed groups: Russia]", "aliases": [ "Operation Destabilise" ], "source_name": "ETDA:[Unnamed groups: Russia]", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775433966, "ts_updated_at": 1775826691, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/84789a81a8b976c40e5d83f1466af9b63972fcdf.pdf", "text": "https://archive.orkl.eu/84789a81a8b976c40e5d83f1466af9b63972fcdf.txt", "img": "https://archive.orkl.eu/84789a81a8b976c40e5d83f1466af9b63972fcdf.jpg" } }