Winter Vivern (TAG-70 / UAC-0114 / TA473): A Persistent Eastern European Cyber-Espionage Threat Targeting NATO and EU Governments
ID: cc32975c-6bc6-5a3f-a004-7f7a89d78a4d
STIX ID: report--cc32975c-6bc6-5a3f-a004-7f7a89d78a4d
Feed Name: Brandefense Blog
Winter Vivern (TAG-70/UAC-0114/TA473) is a Russia-aligned, state-sponsored APT active since 2020 that conducts sustained espionage against NATO, EU and Ukrainian government, military, diplomatic and telecom targets using spear-phishing, credential-harvesting portals, web shells, PowerShell loaders and Zimbra exploits. The report details the group's TTPs and multi-year campaign activity, and recommends hardening email infrastructure, continuous vulnerability management, advanced phishing detection and stronger authentication.
