Star Blizzard

Also known as: Callisto Group, COLDRIVER, SEABORGIUM, Star Blizzard, TA446, Callisto, Reuse Team, BlueCharlie, GOSSAMER BEAR, TAG-53, IRON FRONTIER, UNC4057, Blue Callisto, Nahr Elbard, Nahr el bared, Cold River

Star Blizzard is a cyber espionage and influence group originating in Russia that has been active since at least 2019. Star Blizzard campaigns align closely with Russian state interests and have included persistent phishing and credential theft against academic, defense, government, NGO, and think tank organizations in NATO countries, particularly the US and the UK. Microsoft Star Blizzard August 2022 CISA Star Blizzard Advisory December 2023 StarBlizzard Google TAG COLDRIVER January 2024

🌍 Country Russia

🧭 ATT&CK G1033

Government Administration Military Think Tanks Journalist

Introduction

Activities and Tactics

Targeted Sectors: Government Administration, Military, Think Tanks, Journalist

Country of Origin: 🇷🇺 Russia

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

CyberGate:
Cyber Eye RAT:
Blizzard:
Coldroot:

Attribution and Evidence

Country of Origin: Russia Additional attribution information pending cataloguing.

References

[1] MITRE ATT&CK MITRE ATT&CK entry [2] Microsoft Star Blizzard August 2022 [3] CISA Star Blizzard Advisory December 2023 [4] StarBlizzard [5] Google TAG COLDRIVER January 2024

Source Attribution

Structured source: MISP Galaxy

View ATT&CK group profile

View upstream source record

License: CC BY-NC-SA 3.0

Additional source provenance

malpedia Source record Dataset
misp galaxy Dataset
mitre Dataset

Source and license policy

🔍 Quick Filters

Top Countries

Risk Distribution

High

161

Critical

Low

Medium