{"id":51080,"date":"2023-03-17T14:00:00","date_gmt":"2023-03-17T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/low-budget-winter-vivern-apt-awakens-after-2-year-hibernation"},"modified":"2023-03-17T14:00:00","modified_gmt":"2023-03-17T14:00:00","slug":"low-budget-winter-vivern-apt-awakens-after-2-year-hibernation","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/low-budget-winter-vivern-apt-awakens-after-2-year-hibernation\/","title":{"rendered":"Low-Budget &#8216;Winter Vivern&#8217; APT Awakens After 2-Year Hibernation"},"content":{"rendered":"<p>A politically motivated&nbsp;cyber threat that&#8217;s hardly discussed in the public sphere has made a sort of comeback in recent months, with campaigns against government agencies and individuals in Italy, India, Poland, and Ukraine.<\/p>\n<p>&#8220;Winter Vivern&#8221; (aka UAC-0114) has been active since at least December 2020. Analysts tracked its initial activity in 2021, but the group has remained out of the public eye in the years since. 
That is, until attacks against Ukrainian and Polish government targets inspired reports on resurgent activity earlier this year from the <a href=\"https:\/\/scpc.gov.ua\/api\/docs\/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj\/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj.pdf\" target=\"_blank\" rel=\"noopener\">Central Cybercrime Bureau of Poland<\/a> and the <a href=\"https:\/\/scpc.gov.ua\/api\/docs\/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj\/4eeb6a10-b7aa-4396-8b04-e0e4b7fca1lj.pdf\" target=\"_blank\" rel=\"noopener\">State Cyber Protection Centre of the State Service of Special Communication and Information Protection of Ukraine<\/a>.<\/p>\n<p>In a <a href=\"https:\/\/www.sentinelone.com\/labs\/winter-vivern-uncovering-a-wave-of-global-espionage\/\" target=\"_blank\" rel=\"noopener\">follow-on analysis published this week<\/a>, Tom Hegel, senior threat researcher at SentinelOne, further elucidated the group&#8217;s TTPs and emphasized its close alignment &#8220;with global objectives that support the interests of Belarus and Russia&#8217;s governments,&#8221; noting that it should be classified as an advanced persistent threat (APT) even though its resources aren&#8217;t on par with those of its other Russian-speaking peers.<\/p>\n<h2 class=\"regular-text\">Winter Vivern, a &#8216;Scrappy&#8217; Threat Actor<\/h2>\n<p>Winter Vivern, whose name is a derivative of the wyvern, a type of biped dragon with a poisonous, pointed tail, &#8220;falls into a category of scrappy threat actors,&#8221; Hegel wrote. They&#8217;re &#8220;quite resourceful and able to accomplish a lot with potentially limited resources, while willing to be flexible and creative in their approach to problem solving.&#8221;<\/p>\n<p>The group&#8217;s most defining characteristic is its phishing lures \u2014 usually documents mimicking legitimate and publicly available government literature, which drop a malicious payload upon being opened. 
More recently, the group has taken to mimicking government websites to distribute their nasties. Vivern has a sense of humor, mimicking homepages belonging to the primary cyber-defense agencies of Ukraine and Poland, as seen below.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/ENA34IpLP0VzHm3FfAWFsr6xF9PFGcmK82UMbcsQvivi0fOnYK8UjT8T-CDRSbwPKlDH0x_nACLoZWt_-zsKLXGjL2ufjYBFiinIw2klXB302f4_o-Or2Nv4DWArHtbp9NT-ecQhPNCCrn8WvXnZVbE\" data-image=\"ssab0j3p5fd4\" alt=\"Homepages belonging to the primary cyber-defense agencies of Ukraine and Poland\"><figcaption>Source: SentinelOne<\/figcaption><\/figure>\n<p>The group&#8217;s most tongue-in-cheek tactic, though, is to disguise its malware as antivirus software. Like their many other campaigns, &#8220;the fake scanners are pitched through email to targets as government notices,&#8221; Hegel tells Dark Reading.<\/p>\n<p>These notices instruct recipients to scan their machines with this supposed antivirus software. Victims who download the fake software from the fake government domain will see what appears to be an actual antivirus running, when, in fact, a malicious payload is being downloaded in the background.<\/p>\n<p>That payload, in recent months, has commonly been <a href=\"https:\/\/www.virustotal.com\/gui\/file\/a5115118908268569db2b1187b5b13b2cec9480585728d7da0abff38ecd771a6\/detection\" target=\"_blank\" rel=\"noopener\">Aperitif<\/a>, a Trojan that collects details about victims, establishes persistence on a target machine, and beacons out to an attacker-controlled command-and-control server (C2).<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/AeDUdQWLdVeWfn27D9dg0A4yTvEfaJRcOaCgU4Pjd-BK2SUXI7nDojaJ3hORq_Jp3GZ-p1_F-F2oNsPU0i-TKiPdWGO6ILW4DlWt5vvzMUZJQaopgx6o39meip1b8CKuCOUCPu9i0fTWPF9fPstsbOM\" data-image=\"6r5hsescap41\"><figcaption>Source: SentinelOne<\/figcaption><\/figure>\n<p>The group employs many other tactics and techniques, too. 
In a recent campaign against Ukraine&#8217;s <a href=\"https:\/\/en.wikipedia.org\/wiki\/I_Want_to_Live_(hotline)\" target=\"_blank\" rel=\"noopener\">I Want to Live<\/a> hotline, they resorted to an old favorite: a macro-enabled Microsoft Excel file.<\/p>\n<p>And &#8220;when the threat actor seeks to compromise the organization beyond the theft of legitimate credentials,&#8221; Hegel wrote in his post, &#8220;Winter Vivern tends to rely on shared toolkits and the abuse of legitimate Windows tools.&#8221;<\/p>\n<h2 class=\"regular-text\">Winter Vivern, APT, or Hacktivists?<\/h2>\n<p>The Winter Vivern story is scattershot and leads to a somewhat confused profile.<\/p>\n<p>Its targets are pure APT: Early in 2021, researchers from <a href=\"https:\/\/www.domaintools.com\/resources\/blog\/winter-vivern-a-look-at-re-crafted-government-maldocs\/\" target=\"_blank\" rel=\"noopener\">DomainTools were parsing Microsoft Excel documents<\/a> using macros when they came upon one with a rather innocuous name: &#8220;contacts.&#8221; The contacts macro dropped a PowerShell script that contacted a domain that&#8217;d been active since December 2020. Upon further investigation, the researchers discovered more than they&#8217;d bargained for: other malicious documents targeting entities within Azerbaijan, Cyprus, India, Italy, Lithuania, Ukraine, and even the Vatican.<\/p>\n<p>The group was clearly still active by the summertime, when <a href=\"https:\/\/lab52.io\/blog\/winter-vivern-all-summer\/\" target=\"_blank\" rel=\"noopener\">Lab52 published news of an ongoing campaign<\/a> matching the same profile. 
But it wasn&#8217;t until January 2023 that it resurfaced in the public eye, following campaigns against individual members of the Indian government, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and other European government agencies.<\/p>\n<p>&#8220;Of particular interest,&#8221; Hegel noted in his blog post, &#8220;is the APT&#8217;s targeting of private businesses, including telecommunications organizations that support Ukraine in the ongoing war.&#8221;<\/p>\n<p>This special emphasis on Ukraine adds intrigue to the story since, as recently as February, the Ukraine government was only able to conclude &#8220;with a high level of confidence&#8221; that &#8220;Russian-speaking members are present&#8221; within the group. Hegel has now gone a step further, by directly correlating the group with Russian and Belarusian state interests.<\/p>\n<p>&#8220;With the potential ties into Belarus, it&#8217;s challenging to determine if this is a new organization or simply new tasking from those we know well,&#8221; Hegel tells Dark Reading.<\/p>\n<p>Even so, the group doesn&#8217;t fit the profile of a typical nation-state APT. Their lack of resources, their &#8220;scrappiness&#8221; \u2014 relative to their heavy-hitting counterparts like <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/russia-sandworm-apt-swarm-wiper-attacks-ukraine\" target=\"_blank\" rel=\"noopener\">Sandworm<\/a>, <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/cozy-bear-emerges-from-hibernation-to-hack-eu-ministries\" target=\"_blank\" rel=\"noopener\">Cozy Bear<\/a>, <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/russia-turla-apt-hijacks-andromeda-usb-infections\" target=\"_blank\" rel=\"noopener\">Turla<\/a>, and others \u2014 place them in a category nearer to more ordinary hacktivism. 
&#8220;They do possess technical skills to accomplish initial access, however, at this time they don&#8217;t stack up to highly novel Russian actors,&#8221; Hegel says.<\/p>\n<p>Beyond the limited capacities, &#8220;their very limited set of activity and targeting is why they are so unknown in the public,&#8221; Hegel says. It may be in Winter Vivern&#8217;s favor, in the end. So long as it lacks that extra bite, it may continue to fly under the radar.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/low-budget-winter-vivern-apt-awakens-after-2-year-hibernation\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The &#8220;underreported&#8221; APT has returned to focus after attacks promoting Russian and Belarusian government interests and going after targets with humor, zest, and scrappiness.Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/low-budget-winter-vivern-apt-awakens-after-2-year-hibernation\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-51080","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"]}