Cyber Resilience

Threat actor · all actors

Winter VivernG1035 unknown

aka Winter Vivern, TA473, UAC-0114

Last updated: 2026-07-03

1attributed CVEs
36ATT&CK techniques
4.3IDF score (tooling uniqueness)
1exclusive CVEs
2021years active

About this actor

Winter Vivern is a group linked to Russian and Belorussian interests active since at least 2020 targeting various European government and NGO entities, along with sporadic targeting of Indian and US victims. The group leverages a combination of document-based phishing activity and server-side exploitation for initial access, leveraging adversary-controlled and -created infrastructure for follow-on command and control.(Citation: DomainTools WinterVivern 2021)(Citation: SentinelOne WinterVivern 2023)(Citation: CERT-UA WinterVivern 2023)(Citation: ESET WinterVivern 2023)(Citation: Proofpoint WinterVivern 2023)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2021-35207 3.56.10.03272021-07-02see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-420 / 3656%
CM-619 / 3653%
CM-217 / 3647%
SI-315 / 3642%
CA-713 / 3636%
AC-412 / 3633%
AC-311 / 3631%
AC-611 / 3631%
CM-711 / 3631%
SC-711 / 3631%
SI-711 / 3631%
AC-210 / 3628%
CM-88 / 3622%
SI-28 / 3622%
AC-177 / 3619%

Co-occurring actors

None.

Similar actors