Trident Ursa threat group continues to operate as ‘dedicated access creator and intelligence gatherer’, according to cybersecurity company

Unit 42, the threat intelligence group of US cybersecurity company Palo Alto Networks, issued a report outlining continuous operations by the advanced persistent threat (APT) group Trident Ursa, which the Security Service of Ukraine attributes to Russia’s Federal Security Service. According to Unit 42’s assessments, Trident Ursa has remained ‘one of the most pervasive, intrusive, continuously active and focused APTs targeting Ukraine’.

Following ten months of monitoring indicators of the group’s operations, Unit 42 announced that it had identified, among other things:

  • ‘An unsuccessful attempt to compromise a large petroleum refining company within a NATO member nation on 30 August 2022’ (neither the country nor the company concerned was named).
  • ‘An individual who appears to be involved with Trident Ursa threatened to harm a Ukraine-based cybersecurity researcher immediately following the initial invasion.’
  • ‘Multiple shifts in [the group’s] tactics, techniques and procedures.’