Gamaredon, also known as Primitive Bear, UNC530, ACTINIUM, or Aqua Blizzard [1] (by Microsoft) is a Russian advanced persistent threat that has been active since at least 2013. [2] [3]
Cyber espionage appears to be the main goal of the group,; [2] unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially Ukrainian organizations [4]) and appears to provide services for other APTs. [3] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted. [4]
The group frequently uses spear phishing techniques with malicious code attachments that download remote templates containing malware. [2]
Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown. [2]
On 19 January 2022, they attempted to compromise a Western government entity in Ukraine. [2]
Gamaredon, also known as Primitive Bear, UNC530, ACTINIUM, or Aqua Blizzard [1] (by Microsoft) is a Russian advanced persistent threat that has been active since at least 2013. [2] [3]
Cyber espionage appears to be the main goal of the group,; [2] unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially Ukrainian organizations [4]) and appears to provide services for other APTs. [3] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted. [4]
The group frequently uses spear phishing techniques with malicious code attachments that download remote templates containing malware. [2]
Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown. [2]
On 19 January 2022, they attempted to compromise a Western government entity in Ukraine. [2]