Russian nation-state actors
Russian nation-state actors are highly active in the global cyber threat landscape, with operations increasingly integrated into geopolitical conflicts. Their activities include cyberespionage, information operations, and collaboration with cybercriminal gangs. Russian actors have notably outsourced cyberespionage to criminal groups, particularly targeting Ukraine, and are expected to shift their operations toward long-term global objectives. Their campaigns focus on Europe and North America, leveraging information operations and hacktivist groups. Tactics include exploiting software supply chains, zero-day vulnerabilities, and virtualization platforms, as well as conducting ransomware, data theft, and combined extortion attacks. Russian actors are also experimenting with generative AI to enhance phishing, influence campaigns, and malware development. These operations are characterized by a blend of state and non-state collaboration, with a persistent focus on espionage, disruption, and influence aligned with Russian geopolitical interests. No specific sub-groups or aliases are named in the tracked sources.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Russian nation-state actors are expected to focus on global objectives, including information campaigns, hacktivism, election interference, and infrastructure disruption, particularly targeting Europe and North America.
Russian nation-state actors are increasingly collaborating with cybercriminal groups to conduct cyberespionage, particularly targeting Ukraine. They outsource operations and use commodity malware for intelligence gathering.