Winter Vivern

G1035 · Russia · MITRE ATT&CK

Also known as: TA473 · UAC-0114

Overview

Winter Vivern is a group linked to Russian and Belarusian interests, active since at least 2020, that targets various European government and NGO entities, along with sporadic targeting of Indian and US victims. The group combines document-based phishing and server-side exploitation for initial access, and uses adversary-controlled and adversary-created infrastructure for follow-on command and control.

Regions

Germany

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1190

TTPs — 27 techniques across 9 tactics

Reporting (3)