GOLD PRELUDE
0 incidentes
0 paises
0 sectores
apt RU Ultimo: -
Aliases: TA569, UNC1543
GOLD PRELUDE, also known by aliases such as TA569, UNC1543, DEV-0569, Storm-0569, and Mustard Tempest, is a financially motivated cyber threat actor group that has been actively distributing malware since at least April 2018. The group operates primarily as an Initial Access Broker (IAB), a model where they compromise target networks and then sell access to other cybercriminal organizations, including ransomware operators. Assessed with high confidence to be of Russian origin due to historical associations with the Russian cybercrime group Evil Corp and reported links to Russian GRU's Unit 29155, GOLD PRELUDE distinguishes itself through its widespread use of malicious JavaScript injections on compromised legitimate websites, leading to 'fake browser update' lures. The group has shown an evolution in its operational model, shifting towards selling access for ransomware deployments and adapting tactics to target supply chain networks, all while continuously innovating its methods to eva
Sectores objetivo (SOCRadar)
FinanceInsuranceComputer Systems Design and Related Services