DEV-0586 is a threat actor attributed to RU, also known as Ruinous Ursa, Cadet Blizzard, DEV-0586. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does DEV-0586 exploit?

DEV-0586 is known to exploit 5 CVEs. View the full list on the Strobes VI threat actor profile page.

DEV-0586

Also known as: Ruinous Ursa, Cadet Blizzard, DEV-0586, EMBER BEAR, GRU Unit 29155, Frozenvista, GRU 161st Specialist Training Center, Bleeding Bear, UAC-0056, UNC2589

RUInformation theft and espionage , Sabotage and destruction

Exploited CVEs

Overview

MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware (WhisperGate), which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.

Exploited Vulnerabilities

CVE ID	Action
CVE-2021-26084	View Details
CVE-2016-6662	View Details
CVE-2022-41040	View Details
CVE-2014-7169	View Details
CVE-2017-0176	View Details

Quick Actions

DEV-0586

Ready for Agentic Automated Testing?

DEV-0586