Uptime Hamster: 15d 3h 52mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza GOLD PRELUDE

GOLD PRELUDE

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Aliases: TA569, UNC1543
Ver en IntelTracker → APTTrail →
GOLD PRELUDE, also known by aliases such as TA569, UNC1543, DEV-0569, Storm-0569, and Mustard Tempest, is a financially motivated cyber threat actor group that has been actively distributing malware since at least April 2018. The group operates primarily as an Initial Access Broker (IAB), a model where they compromise target networks and then sell access to other cybercriminal organizations, including ransomware operators. Assessed with high confidence to be of Russian origin due to historical associations with the Russian cybercrime group Evil Corp and reported links to Russian GRU's Unit 29155, GOLD PRELUDE distinguishes itself through its widespread use of malicious JavaScript injections on compromised legitimate websites, leading to 'fake browser update' lures. The group has shown an evolution in its operational model, shifting towards selling access for ransomware deployments and adapting tactics to target supply chain networks, all while continuously innovating its methods to eva

Aliases del actor

TA569UNC1543

Actores similares

apt-goldenbirdactor · 1apt-goldenjackalactor · 1apt-goldenratactor · 1GOLD SOUTHFIELDapt · 1gold-lowellactor · 1golden-chickensactor · 1golden-jackalactor · 1GOLD CABINapt · 0GOLD DUPONTapt · 0GOLD REBELLIONapt · 0
Malware asociado
tofsee, SocGholish, SocGholish, SocGholish
Tecnicas MITRE
T1036 - Masquerading, T1547, T1060 - Registry Run Keys / Startup Folder, T1566, T1583.001 - Domains, T1566 - Phishing
CVEs relacionadas
CVE-2025-64446, CVE-2022-30190, CVE-2019-12265, CVE-2019-12259, CVE-2017-1182, CVE-2017-0199
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
65
Actualizado
Sat, 19 No

Sectores objetivo (SOCRadar)

FinanceInsuranceComputer Systems Design and Related Services