Uptime Hamster: 15d 5h 2mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza ExCobalt

ExCobalt

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Ver en IntelTracker → APTTrail →
ExCobalt is a cybercrime group recognized as an APT group, with members active since at least 2016, linked to the notorious Cobalt Group. Following the arrest of a key Cobalt Group leader in 2018, ExCobalt emerged, fundamentally shifting its primary motivation from financial theft against global financial institutions to cyber espionage and data theft specifically targeting Russian organizations. The group distinguishes itself through the continuous evolution of custom Golang-based tools such as GoRed, its adoption of tools like CobInt from the original Cobalt Group since 2022, and a notable reliance on supply chain compromises involving legitimate software components or stolen contractor credentials to gain initial network access. While drawing personnel and techniques from the broader Eastern European cybercrime circles associated with its predecessor, ExCobalt’s focused shift towards cyber espionage against Russia marks a significant divergence from the earlier group’s purely financ
Tecnicas MITRE
T1547 - Boot or Logon Autostart Execution, T1083, T1547, T1218 - Signed Binary Proxy Execution, T1546 - Event Triggered Execution, T1547.001 - Registry Run Keys
CVEs relacionadas
CVE-2023-38831, CVE-2021-26855
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
50
Actualizado
Thu, 03 Ap

Sectores objetivo (SOCRadar)

MiningManufacturingInformation ServicesPublic AdministrationTelecommunicationsSoftware Publishers