COBALT GYPSY is an alternate name for the group known as OilRig

---

COBALT GYPSY is an advanced persistent threat (APT) that has been active since at least 2016 and targets government agencies, military organizations, defense contractors, telecommunications companies, energy sector entities, research institutions, and other high-value targets. The group\'s activities include espionage, data exfiltration, malware development, and cybercrime. COBALT GYPSY is known to have ties with Russian intelligence agencies, but its exact affiliations are unclear.

Techniques, tactics and practices:

COBALT GYPSY is a highly sophisticated threat actor that employs various techniques to achieve its objectives. Some of these include spear-phishing emails, watering hole attacks, malware development and distribution, exploitation of vulnerabilities in software or systems, social engineering tactics such as baiting, and use of compromised credentials for lateral movement within target networks. The group also uses advanced evasion techniques to avoid detection by security tools and maintains a persistent presence on infected machines over extended periods of time.