Star Blizzard

Star BlizzardSEABORGIUMCallisto GroupTA446COLDRIVER

[Star Blizzard](https://attack.mitre.org/groups/G1033) is a cyber espionage and influence group originating in Russia that has been active since at least 2019. [Star Blizzard](https://attack.mitre.org/groups/G1033) campaigns align closely with Russian state interests and have included persistent phishing and credential theft against academic, defense, government, NGO, and think tank organizations in NATO countries, particularly the US and the UK.(Citation: Microsoft Star Blizzard August 2022)(Citation: CISA Star Blizzard Advisory December 2023)(Citation: StarBlizzard)(Citation: Google TAG COLD...

Techniques

Covered

Gaps

75%

Coverage

Coverage15/20

GAPS (5)

T1585.001Social Media Accounts T1585.002Email Accounts T1586.002Email Accounts T1593Search Open Websites/Domains T1684.001Impersonation

COVERED (15)

T1059.007JavaScript61 det.T1078Valid Accounts280 det.T1114.002Remote Email Collection18 det.T1114.003Email Forwarding Rule15 det.T1204.002Malicious File425 det.T1539Steal Web Session Cookie15 det.T1550.004Web Session Cookie5 det.T1566.001Spearphishing Attachment905 det.T1583Acquire Infrastructure1 det.T1583.001Domains61 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1598.002Spearphishing Attachment2 det.T1598.003Spearphishing Link285 det.T1608.001Upload Malware3 det.