Misplaced Pages

Gamaredon

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
(Redirected from Primitive Bear) Russian advanced persistent threat

Gamaredon, also known as Primitive Bear, UNC530, ACTINIUM, or Aqua Blizzard (by Microsoft) is a Russian advanced persistent threat that has been active since at least 2013.

Motivation

Cyber espionage appears to be the main goal of the group,; unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially Ukrainian organizations) and appears to provide services for other APTs. For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted.

Tactics

The group frequently uses spear phishing techniques with malicious code attachments that download remote templates containing malware.

Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown.

Ukraine

Main article: 2022 Ukraine cyberattacks

On 19 January 2022, they attempted to compromise a Western government entity in Ukraine.

See also

References

  1. "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
  2. ^ Kyle Alspach (4 February 2022). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat. Retrieved 9 May 2022.
  3. ^ Warren Mercer; Vitor Ventura (23 February 2021). "Gamaredon - When nation states don't pay all the bills". Cisco. Retrieved 9 May 2022.
  4. ^ Charlie Osborne (21 March 2022). "Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers". ZDNet. Retrieved 9 May 2022.
Categories: