Poseidon Group

🔴 High
Also known as: G0033, Poseidon Group

Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm. [3]

🌍 Country Brazil
📅 Activity 2016 – 2016
⚑ Risk Level High
🧭 ATT&CK G0033

Activities and Tactics

Country of Origin: 🇧🇷 Brazil

Risk Level: High

First Seen: 2016

Last Activity: 2016

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

ATT&CK technique IDs (denormalized)

Notable Indicators of Compromise (IOCs)

No atomic indicators are listed in this profile. The APTnotes snapshot indexes 1 public report that may contain IOCs; see Source Attribution for dataset links.

Malware and Tools

  • BlackEnergy
  • BLACKCOFFEE
  • Blackshades
  • BlackNix
  • BlackHole

Attribution and Evidence

Country of Origin: Brazil

Additional attribution information pending cataloguing.

References

[1] mitre-attack

[3] Kaspersky Poseidon Group. Kaspersky Lab's Global Research and Analysis Team. (2016, February 9). Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. Retrieved March 16, 2016.