The threat actor behind the WhisperGate malware has been identified as a distinct Russian GRU group.
The Russian APT28 group is exploiting a six-year-old vulnerability in some Cisco IOS and IOS XE router software to install malware known as Jaguar Tooth.
The Winter Vivern APT group is now targeting government agencies and diplomats from the United States and European countries.
A low-profile attack group known as Winter Vivern has recently been targeting government and private organizations in Ukraine, Poland, Italy, and elsewhere.
The U.S. and U.K. governments have sanctioned seven Russian men whom they allege are members of the Trickbot cybercrime group.