Winter Vivern is a cyberespionage group first revealed by DomainTools in 2021. It is thought to have been active since at least 2020 and it targets go...

Threat Actor Profile

Winter Vivern

State-sponsored threat group originating from RU. Uses 36 known MITRE ATT&CK techniques.

36 TTPs Mapped Real-Time Alerts

Actor Overview

Origin Country
RU
Known Techniques
36 TTPs

Suspected Victims

Germany

MITRE ATT&CK Techniques

T1583T1583.001T1583.003T1595T1595.002T1071T1071.001T1119T1020T1059T1059.001T1059.003T1059.007T1584T1584.006 +21 more

Related Threat Reports

Premium
APT Campaign Analysis - Q4 2025Dec 2025
New Tactics Observed in WildDec 2025
Infrastructure Mapping ReportDec 2025
Stay Updated

Get alerts when new intel on Winter Vivern is published.

Actor Details

Primary Name
Winter Vivern
Known Aliases
UAC-0114, TA473, TAG-70, TA-473
Data Source
Precursor Intelligence
Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →