Inception
G01006 reportsaliases · Inception · Inception Framework · Cloud Atlas
6
Reports
5
Techniques
4
Tactics
2
Countries
80%
Hunt coverage
3
Aliases
Analyst assessment — key judgments
- Signature techniques: T1588.006 (Vulnerabilities), T1593.001 (Social Media), T1589.001 (Credentials).
- Primary targeting: US, RU.
- Activity declining: 0 report(s) in last 30d vs 4 prior (-100%).
- Hunt coverage 80% of 5 observed techniques (1 gap(s)).
- Assessment confidence: medium (67).
Activity & trend
DecliningLast 30d: 0 vs 4 prior (-100%)· first reported 2025-08-25 · last 2026-06-10
0
7d
0
30d
4
90d
6
All
0.3
Rpts/wk
Reporting timeline · 12 months
Movement — last 30 days
Dropped (90d+)
T1684AML.T0069.002Targeting lost
RUUSOverview
Analyst triage
Intelligence summary
Inception is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active in the United States and throughout Europe, Asia, Africa, and the Middle East.(Citation: Unit 42 Inception November 2018)(Citation: Symantec Inception Framework March 2018)(Citation: Kaspersky Cloud Atlas December 2014)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1588.006 · Vulnerabilitiesconf 754
- T1593.001 · Social Mediaconf 703
- T1589.001 · Credentialsconf 703
- T1684 · Social Engineeringconf 601
- AML.T0069.002 · System Promptconf 601
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|