Iron Viking is an advanced persistent threat (APT) group that has been active since at least 2014, targeting government and military organizations in several countries including Russia, Ukraine, Belarus, and Kazakhstan. The group uses a variety of tactics to gain access to its targets' networks, such as spear-phishing emails or exploiting vulnerabilities in software. Once inside the network, Iron Viking can steal sensitive information, install backdoors for future attacks, and conduct surveillance on individuals within the organization. The group has been linked to Russian military intelligence agencies and is believed to be responsible for several high-profile cyberattacks against government organizations in Eastern Europe.
Techniques, tactics and practices:
Iron Viking uses a variety of techniques to gain access to its targets' networks, including spear-phishing emails that contain malicious attachments or links. The group also exploits vulnerabilities in software and uses social engineering tactics, such as impersonating legitimate organizations or individuals, to trick users into revealing sensitive information. Once inside the network, Iron Viking can steal sensitive data, install backdoors for future attacks, conduct surveillance on individuals within the organization, and exfiltrate data in a way that is difficult for security tools to detect. The group also uses sophisticated malware such as X-Agent, which allows them to gain persistent access to their targets' networks even after they have been detected and removed from the system.