Type: Cyber Espionage

Status: Active Feb 2017

Other Names: TeamSpy Crew

Active Since/Discovered: 2004 / March 2013


  • Eastern Europe
  • most victims are ordinary users, but some are high-profile industrial, research, or diplomatic targets
  • high-level political and human rights activists throughout CIS and Eastern European nations
  • government agencies
  • private companies
  • Belarusian activists in 2012

Target Sectors:

  • Activists
  • Energy, oil and gas companies
  • Heavy industry manufacturers
  • Intelligence agencies


  • TeamViewer RAT
    • Keylogger and screen capture
    • Legitimate digital certificates
    • Dynamically patched in memory to obfuscate the application

Preferred Attack Vector: Social Engineering and Exploits


  • Stolen data includes: crypto keys, passwords, documents, proprietary information, Apple iOS device history data from iTunes, detailed OS and BIOS information