Menu
Browse

Cyber Threat Actor: A Russian cybercriminal group

Actor Type Location Known Incidents
 Icon
Activist
Russia
1 incident
Profile

Theactor’s alias is A Russian cybercriminal group, and its known location is Russia.
Open‑source descriptions characterize the entity as a criminal collective rather than a state‑sponsored actor.
No publicly available information ties the group to any intelligence service, military unit, or government direction.
The group has claimed responsibility for a series of disruptive online actions against various targets. These claims have been linked to incidents that disrupted government‑related online services.
This establishes the basic identity of the threat actor.

The group’s known activity includes a distributed denial‑of‑service campaign that targeted Slovenian government websites on 9 April 2024.
The attack rendered the central bank, Statistics Office, presidential site, Constitutional Court and Competition Protection Agency temporarily inaccessible.
Authorities confirmed operational control of the incident and noted ongoing coordination through the National Security Council.
The prime minister announced plans to increase cybersecurity funding and personnel in reaction to the event.
Prior to this incident, the same group had claimed responsibility for comparable DDoS actions against Slovenian state institutions, companies and media outlets.
In those statements the group cited Slovenia’s support for Ukraine as the motivation for its actions.
The asserted objective of the attacks is to disrupt online services and to generate public concern rather than to steal data or conduct espionage.

The observed tactic is a distributed denial‑of‑service flood that overwhelms targets with large amounts of traffic.
Reports describe the effort as technically unsophisticated, relying on sheer volume rather than specialized malware or intrusion tools.
No evidence points to the use of specific malware families, custom exploits, or advanced persistence mechanisms in these incidents.
The group’s approach therefore aligns with low‑complexity, high‑volume disruption techniques.
Analysts warn that such attacks are likely to persist in the foreseeable future given the stated geopolitical grievance.
The Slovenian DDoS episode serves as a representative example of the group’s current operational pattern.
This concludes the factual profile based on the available public information.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources