Trident Ursa threat group continues to operate as ‘dedicated access creator and intelligence gatherer’, according to cybersecurity company
Trident Ursa, a threat group linked to Russia’s Federal Security Service, persists in their role as an access creator and intelligence gatherer, noted by cybersecurity company Palo Alto Networks Unit 42. The group has been particularly active in targeting Ukraine, with recent activities including an unsuccessful attempt to breach a petroleum refining company in an unnamed country and threats against a cybersecurity researcher in Ukraine. Unit 42 observed multiple changes in Trident Ursa’s tactics during ten months of monitoring.
US cybersecurity company Palo Alto Networks’ Unit 42 (a threat intelligence group) issued a report outlining continuous operations by the advanced persistent threat (APT) group Trident Ursa – a group attributed to Russia’s Federal Security Service by the Security Service of Ukraine. According to Unit 42’s assessments, Trident Ursa has remained ‘one of the most pervasive, intrusive, continuously active and focused APTs targeting Ukraine’.
Following ten months of monitoring indicators of the group’s operations, Unit 42 announced that it had identified, among other issues:
- ‘An unsuccessful attempt to compromise a large petroleum refining company within a NATO member nation on 30 August 2022’ (neither the country nor the company concerned was named).
- ‘An individual who appears to be involved with Trident Ursa threatened to harm a Ukraine-based cybersecurity researcher immediately following the initial invasion.’
- ‘Multiple shifts in [the group’s] tactics, techniques and procedures.’