Threat actor · all actors
Mustard TempestG1020 unknown
aka Mustard Tempest, DEV-0206, TA569, GOLD PRELUDE, UNC1543
Last updated: 2026-07-03
About this actor
[Mustard Tempest](https://attack.mitre.org/groups/G1020) is an initial access broker that has operated the [SocGholish](https://attack.mitre.org/software/S1124) distribution network since at least 2017. [Mustard Tempest](https://attack.mitre.org/groups/G1020) has partnered with [Indrik Spider](https://attack.mitre.org/groups/G0119) to provide access for the download of additional malware including LockBit, [WastedLocker](https://attack.mitre.org/software/S0612), and remote access tools.(Citation: Microsoft Ransomware as a Service)(Citation: Microsoft Threat Actor Naming July 2023)(Citation: Secureworks Gold Prelude Profile)(Citation: SocGholish-update)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CA-7 | 8 / 18 | 44% |
CM-2 | 8 / 18 | 44% |
CM-6 | 8 / 18 | 44% |
SI-3 | 8 / 18 | 44% |
SI-4 | 8 / 18 | 44% |
AC-4 | 6 / 18 | 33% |
SC-7 | 6 / 18 | 33% |
CM-7 | 5 / 18 | 28% |
IA-9 | 4 / 18 | 22% |
SC-44 | 4 / 18 | 22% |
SI-2 | 4 / 18 | 22% |
SI-7 | 4 / 18 | 22% |
SI-8 | 4 / 18 | 22% |
AC-6 | 3 / 18 | 17% |
SI-10 | 3 / 18 | 17% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Transparent Tribe 0.41
- C0010 0.33
- SideCopy 0.30
- C0021 0.29
- C0011 0.28