Menu
Browse

Cyber Threat Actor: OldGremlin

Actor Type Location Known Incidents
 Icon
Crime Syndicate
Russia
1 incident
Profile

OldGremlin is a cyber threat actor operating under this primary alias, with its activities publicly linked to Russia. The group gained recognition through a limited number of high-impact incidents, primarily targeting entities within the Russian Federation itself. Public reporting indicates a focus on disruptive operations against commercial organizations, though specific sectoral preferences beyond demonstrated incidents remain undocumented in available sources. The actor's strategic objectives appear aligned with causing operational interruptions rather than overt financial extortion or data theft, based on observed events.

One significant operation attributed to OldGremlin occurred on March 14, 2022, targeting Wildberries, a major Russian online retailer. This incident resulted in substantial service disruptions affecting the company's operations, as reported by Forbes Russia. The attack methodology remains unspecified in open sources, though its public attribution suggests coordination or capability consistent with disruptive cyber operations. Wildberries' prominence as a consumer-facing platform indicates that OldGremlin selects targets likely to generate noticeable public impact through service degradation. The incident's timing coincided with broader regional instability, though no explicit geopolitical motive was formally established in reporting.

Publicly available information does not detail OldGremlin's technical tooling, malware preferences, or initial access vectors. Attribution to Russia stems from forensic analysis cited in media reports following the Wildberries incident, though no specific state affiliation or criminal consortium ties have been explicitly claimed. The group's operational footprint appears concentrated within Russian cyberspace based on its single publicly documented campaign. Its avoidance of financially motivated tactics distinguishes it from ransomware groups active in the same region during the same period. OldGremlin maintains a low public profile compared to other Russian-aligned threat actors, with no additional campaigns conclusively linked to the group beyond the 2022 event.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources