Cyber Resilience

Campaign · all campaigns

C0026C0026 unknown

aka C0026

Last updated: 2026-07-03

0attributed CVEs
8ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[C0026](https://attack.mitre.org/campaigns/C0026) was a campaign identified in September 2022 that included the selective distribution of [KOPILUWAK](https://attack.mitre.org/software/S1075) and [QUIETCANARY](https://attack.mitre.org/software/S1076) malware to previous [ANDROMEDA](https://attack.mitre.org/software/S1074) malware victims in Ukraine through re-registered [ANDROMEDA](https://attack.mitre.org/software/S1074) C2 domains. Several tools and tactics used during [C0026](https://attack.mitre.org/campaigns/C0026) were consistent with historic [Turla](https://attack.mitre.org/groups/G0010) operations.(Citation: Mandiant Suspected Turla Campaign February 2023)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-36 / 875%
SI-46 / 875%
SC-75 / 862%
CM-24 / 850%
AC-43 / 838%
CA-73 / 838%
CM-62 / 825%
RA-52 / 825%
AC-161 / 812%
AC-21 / 812%
AC-231 / 812%
AC-31 / 812%
AC-61 / 812%
CM-121 / 812%
CM-71 / 812%

Co-occurring actors

None.

Similar actors