Uptime Hamster: 1d 9h 17mDeploy: 13 Jul 2026 10:50Updated: 2026-07-13
Logo del actor de amenaza GOLD CABIN

GOLD CABIN

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Aliases: ATK236, G0127, Monster Libra, Shakthak, TA551
Ver en IntelTracker → APTTrail →
GOLD CABIN is a sophisticated cyber threat actor with capabilities often associated with advanced persistent threat (APT) groups, though its primary operational patterns align with a financially motivated initial access broker that frequently distributes commodity malware. The group is described as state-sponsored, with a suspected origin in Russia, and is known by multiple aliases including TA551, Shathak, and G0127. GOLD CABIN's core motivation is financial gain, achieved through initial access operations and the distribution of various malware families, which then facilitates further compromise including ransomware deployment and data theft. A distinguishing characteristic of GOLD CABIN is its consistent evolution in delivery mechanisms and malware payloads, effectively operating as an initial access facilitator for other criminal enterprises. The group is often conflated with APT29 (G0127) in some intelligence reports, which might indicate either shared access to compromised enviro

Aliases del actor

ATK236G0127Monster LibraShakthakTA551

Actores similares

apt-goldenbirdactor · 1apt-goldenjackalactor · 1apt-goldenratactor · 1TA551actor · 1GOLD SOUTHFIELDapt · 1Silent Librarianactor · 1returned-libraactor · 1ta551actor · 1silent-librarianactor · 1gold-lowellactor · 1
Malware asociado
IcedID, IcedID, Ursnif, Valak, win.bumblebee, Ursnif
Tecnicas MITRE
T1073, T1568.002, T1040, T1137.001, T1204.002, T1003
CVEs relacionadas
CVE-2021-27065, CVE-2021-26858, CVE-2021-26857, CVE-2021-26855, CVE-2017-11882
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
66
Actualizado
Wed, 16 Ap

Sectores objetivo (SOCRadar)

FinanceInsuranceBankingGrantmaking and Giving Services