Winter Vivern G1035 unknown
aka Winter Vivern, TA473, UAC-0114
Last updated: 2026-07-03
1 attributed CVEs
36 ATT&CK techniques
4.3 IDF score (tooling uniqueness)
1 exclusive CVEs
2021 years active
About this actor
Winter Vivern is a group linked to Russian and Belarusian interests, active since at least 2020, that targets various European government and NGO entities, along with sporadic targeting of Indian and US victims. The group uses a combination of document-based phishing and server-side exploitation for initial access, and relies on adversary-controlled and -created infrastructure for follow-on command and control. (Citation: DomainTools WinterVivern 2021)(Citation: SentinelOne WinterVivern 2023)(Citation: CERT-UA WinterVivern 2023)(Citation: ESET WinterVivern 2023)(Citation: Proofpoint WinterVivern 2023)
Source: MITRE ATT&CK
Activity timeline
- 2021 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2021-35207 | 3.5 | 6.1 | 0.0327 | 2021-07-02 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 20 / 36 | 56% |
| CM-6 | 19 / 36 | 53% |
| CM-2 | 17 / 36 | 47% |
| SI-3 | 15 / 36 | 42% |
| CA-7 | 13 / 36 | 36% |
| AC-4 | 12 / 36 | 33% |
| AC-3 | 11 / 36 | 31% |
| AC-6 | 11 / 36 | 31% |
| CM-7 | 11 / 36 | 31% |
| SC-7 | 11 / 36 | 31% |
| SI-7 | 11 / 36 | 31% |
| AC-2 | 10 / 36 | 28% |
| CM-8 | 8 / 36 | 22% |
| SI-2 | 8 / 36 | 22% |
| AC-17 | 7 / 36 | 19% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Frankenstein 0.34
- Confucius 0.31
- SharePoint ToolShell Exploitation 0.29
- WIRTE 0.28
- Sidewinder 0.26
Active in same years
- C0018 1.00
- SolarWinds Compromise 1.00
- SharePoint ToolShell Exploitation 1.00
- APT1 1.00
- Deep Panda 1.00