Gamaredon, also known as Primitive Bear, UNC530, ACTINIUM, or Aqua Blizzard
(by Microsoft) is a Russian
advanced persistent threat
An advanced persistent threat (APT) is a stealthy threat actor, typically a State (polity), state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the ...
that has been active since at least 2013.
[
]
Motivation
Cyber espionage appears to be the main goal of the group,;[) and appears to provide services for other APTs.]
Tactics
The group frequently uses spear phishing
Phishing is a form of Social engineering (security), social engineering and a scam where attackers deceive people into revealing Information sensitivity, sensitive information or installing malware such as Computer virus, viruses, Computer worm, ...
techniques with malicious code attachments that download remote templates containing malware.[
Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown.][
]
Ukraine
On 19 January 2022, they attempted to compromise a Western government entity in Ukraine.
See also
*Cyberwarfare by Russia
Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of ...
*Russo-Ukrainian cyberwarfare
Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013–2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded duri ...
References
{{reflist
Hacking in the 2010s
Hacking in the 2020s
Russian advanced persistent threat groups