
Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: OldGremlin

Names: OldGremlin (Group-IB)
Country: Russia
Motivation: Financial crime, Financial gain
First seen: 2020
Description: (Group-IB) Group-IB Threat Intelligence team recently tracked a successful attack conducted on a Russian medical company by OldGremlin, a new criminal group. The threat actor encrypted the company's entire corporate network and demanded a $50,000 ransom. It is common knowledge that Russian hackers have an unspoken rule about not working within Russia and post-Soviet countries. Yet OldGremlin, made up of Russian speakers, is actively attacking Russian companies: banks, industrial enterprises, medical organizations, software developers… According to Group-IB expert estimations, since the spring OldGremlin has conducted at least seven phishing campaigns. The hackers have impersonated the self-regulatory organization Mikrofinansirovaniye i Razvitiye (SRO MiR); a Russian metallurgical holding company; the Belarusian plant Minsk Tractor Works; a dental clinic; and the media holding company RBC.
Observed: Sectors: Financial, Healthcare, Media. Countries: Russia.
Tools used: Cobalt Strike, TinyCryptor, TinyNode, TinyPosh.
Information: <https://www.group-ib.com/blog/oldgremlin>

Last change to this card: 19 October 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
