1 malware family

russian_actors

Also known asrussian_actors

Russian actors are described in the provided content as the operators behind the SolarWinds supply chain compromise. According to the content, they breached SolarWinds' production environment, where engineers built the software powering SolarWinds products. Rather than modifying source code directly, they injected malicious instructions at the end of the build process, creating a backdoor that could later be used to access the software. They then leveraged control over SolarWinds products to steal keys that enabled access to sensitive data stored in cloud environments. The content states that this operation gave Russia the ability to spy on more than 16,000 systems worldwide. No additional aliases, sub-groups, or more specific attribution are provided in the content.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

12 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

9 of 15 tactics15 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0043

Reconnaissance

1 technique

T1595

Active Scanning

TA0042

Resource Development

2 techniques

T1584

Compromise Infrastructure

T1587

Develop Capabilities

TA0001

Initial Access

4 techniques

T1078

Valid Accounts

T1190

Exploit Public-Facing Application

T1195

Supply Chain Compromise

T1566×2

Phishing

TA0003

Persistence

1 technique

T1078

Valid Accounts

TA0004

Privilege Escalation

1 technique

T1078

Valid Accounts

TA0005

Stealth

1 technique

T1078

Valid Accounts

TA0008

Lateral Movement

1 technique

T1021

Remote Services

TA0009

Collection

1 technique

T1213×2

Data from Information Repositories

TA0040

Impact

3 techniques

T1498×3

Network Denial of Service

T1499

Endpoint Denial of Service

T1561

Disk Wipe

ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen

HONESTCUEThe report identified attempts to coerce disclosure of internal reasoning, AI-assisted reconnaissance by DPRK, PRC, Iranian, and Russian actors, and AI-integrated malware such as HONESTCUE leveraging Gemini’s API for second-stage payload generation.1Mar 8, 2026

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

lawfareNews

Dec 4, 2025

F5, SolarWinds, and the Lethargy of the FAR Council

Russian nation-state actors conducted a sophisticated supply chain attack on SolarWinds, compromising the software build process to insert a backdoor and subsequently gaining access to sensitive data in cloud environments across thousands of organizations.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping12

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.