The Tsar Team is an advanced persistent threat (APT) group that has been active since at least 2013 and targets government, military, defense contractors, and other high-value organizations in various countries including Russia, Ukraine, Kazakhstan, Belarus, Georgia, Azerbaijan, Armenia, and Kyrgyzstan. The group is known for its sophisticated malware tools such as BlackEnergy3 (BE3), which has been used to compromise industrial control systems in the energy sector. Tsar Team's activities have included espionage, sabotage, and cyber attacks on critical infrastructure, making it a significant threat to national security.
Techniques, tactics and practices:
Tsar Team is an advanced persistent threat group that uses various techniques, tactics, and practices to compromise their targets. Some of these include:
1. Spear-phishing emails - sending targeted phishing emails with malicious attachments or links to trick users into downloading the BlackEnergy3 (BE3) trojan horse.
2. Watering hole attacks - infecting legitimate websites that are frequently visited by their targets, such as social media platforms and news sites.
3. Malware distribution through exploit kits - using vulnerabilities in software to distribute malware, including BlackEnergy3 (BE3).
4. Remote access tools - utilizing remote desktop protocols like VNC or RDP to gain unauthorized access to targeted systems and networks.
5. Physical attacks - conducting physical surveillance of their targets' offices and stealing sensitive information, such as documents or
