
Threat Group Cards: A Threat Actor Encyclopedia


Names: OldGremlin (Group-IB)
Country: Russia
Motivation: Financial crime, Financial gain
First seen: 2020
Description (Group-IB): Group-IB Threat Intelligence team recently tracked a successful attack conducted on a Russian medical company by OldGremlin, a new criminal group. The threat actor encrypted the company's entire corporate network and demanded a $50,000 ransom. It is common knowledge that Russian hackers have an unspoken rule about not working within Russia and post-Soviet countries. Yet OldGremlin, made up of Russian speakers, is actively attacking Russian companies: banks, industrial enterprises, medical organizations, software developers… According to Group-IB expert estimations, since the spring OldGremlin has conducted at least seven phishing campaigns. The hackers have impersonated the self-regulatory organization Mikrofinansirovaniye i Razvitiye (SRO MiR); a Russian metallurgical holding company; the Belarusian plant Minsk Tractor Works; a dental clinic; and the media holding company RBC.
Observed: Sectors: Financial, Healthcare, Media.
Countries: Russia.
Tools used: Cobalt Strike, TinyCryptor, TinyNode, TinyPosh.

Last change to this card: 19 October 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
