Nation-State Actor
Gamaredon
Russia • Active since 2013
Gamaredon is a Russian hacking group that mostly attacks Ukraine. They send tons of phishing emails with infected Word documents. Their malware is simple, but they send so many attacks that some always get through.
Overview
Gamaredon is a Russian state-sponsored threat group attributed to the FSB that primarily targets Ukrainian government, military, and NGO sectors. They use high-volume spear-phishing and simple but effective malware.
Also Known As
Primitive Bear, Shuckworm, Actinium, Armageddon, Aqua Blizzard
Target Industries
Government, Military, NGOs, Diplomatic, Law Enforcement
Target Regions
Ukraine, NATO countries, Europe
Tactics, Techniques & Procedures
- High-volume spear-phishing
- Malicious Office macros
- USB spreading
- Template injection
- Scheduled task persistence
Known Tools & Malware
Pterodo, GammaLoad, GammaSteal, PowerPunch, DinoTrain
Notable Campaigns
Ukraine Government Targeting (2022-2023)
Intensified operations against Ukraine during the war.
Western Embassy Targeting (2021)
Targeted Western diplomatic missions in Ukraine.
MITRE ATT&CK Techniques
T1566.001, T1204.002, T1091, T1221, T1053.005
Defense Recommendations
1. Implement template injection detection
2. Disable USB autorun
3. Monitor scheduled task creation