Cyber Threat Actor: Yttrium

The provided threat actor context lists Yttrium as an alias and notes a possible location in North Korea, but none of the supplied articles mention this name or any activity linked to North Korea. All of the articles focus on Russian state‑sponsored cyber operations, referencing groups such as APT 29 (Cozy Bear), the SolarWinds supply‑chain compromise, and the NotPetya/BlackEnergy ransomware campaigns. They describe targeting of U.S. government agencies, defense contractors, energy firms, and various private sector victims in Europe and North America. The reported techniques include the use of trojanized software updates, spear‑phishing emails, watering‑hole sites, and exploitation of known vulnerabilities like EternalBlue. No attribution to North Korean actors or to the alias Yttrium appears in any of the excerpts, and no malware families or infrastructure associated with Yttrium are discussed.

Because the source material does not contain any evidence about Yttrium’s objectives, typical targets, or operational patterns, a factual profile cannot be constructed from the given information. Any description of the actor’s strategic goals, preferred sectors, or distinctive TTPs would require speculation, which is prohibited by the instructions. The articles instead detail Russian intelligence‑linked activity, such as the SVR‑affiliated Cozy Bear’s espionage campaigns and the GRU‑linked Sandworm’s disruptive attacks. They note specific incidents like the breach of the U.S. Treasury, the compromise of FireEye, and the widespread disruption caused by NotPetya across Ukrainian and global networks. Consequently, the only accurate statement that can be made is that the supplied documentation provides no verifiable data on Yttrium, and any further detail would be unfounded.