Star Blizzard

Star BlizzardSEABORGIUMCallisto GroupTA446COLDRIVER

[Star Blizzard](https://attack.mitre.org/groups/G1033) is a cyber espionage and influence group originating in Russia that has been active since at least 2019. [Star Blizzard](https://attack.mitre.org/groups/G1033) campaigns align closely with Russian state interests and have included persistent phishing and credential theft against academic, defense, government, NGO, and think tank organizations in NATO countries, particularly the US and the UK.(Citation: Microsoft Star Blizzard August 2022)(Citation: CISA Star Blizzard Advisory December 2023)(Citation: StarBlizzard)(Citation: Google TAG COLD...

Techniques

Covered

Gaps

79%

Coverage

Coverage15/19

GAPS (4)

T1585.001Social Media Accounts T1585.002Email Accounts T1586.002Email Accounts T1593Search Open Websites/Domains

COVERED (15)

T1059.007JavaScript58 det.T1078Valid Accounts252 det.T1114.002Remote Email Collection18 det.T1114.003Email Forwarding Rule10 det.T1204.002Malicious File397 det.T1539Steal Web Session Cookie12 det.T1550.004Web Session Cookie5 det.T1566.001Spearphishing Attachment850 det.T1583Acquire Infrastructure1 det.T1583.001Domains61 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1598.002Spearphishing Attachment1 det.T1598.003Spearphishing Link271 det.T1608.001Upload Malware2 det.