Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Motivation 2 Tactics 3 Ukraine 4 See also 5 References

Gamaredon

●Čeština Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

Gamaredon, also known as Primitive Bear, UNC530, ACTINIUM, or Aqua Blizzard^[1] (by Microsoft) is a Russian advanced persistent threat that has been active since at least 2013.^[2]^[3]

Motivation

[edit]

Cyber espionage appears to be the main goal of the group,;^[2] unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially Ukrainian organizations^[4]) and appears to provide services for other APTs.^[3] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted.^[4]

Tactics

[edit]

The group frequently uses spear phishing techniques with malicious code attachments that download remote templates containing malware.^[2]

Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown.^[2]

Ukraine

[edit]

On 19 January 2022, they attempted to compromise a Western government entity in Ukraine.^[2]

References

[edit]

^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.

^ ^a ^b ^c ^d ^e Kyle Alspach (4 February 2022). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat. Retrieved 9 May 2022.

^ ^a ^b Warren Mercer; Vitor Ventura (23 February 2021). "Gamaredon - When nation states don't pay all the bills". Cisco. Retrieved 9 May 2022.

^ ^a ^b Charlie Osborne (21 March 2022). "Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers". ZDNet. Retrieved 9 May 2022.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Gamaredon&oldid=1223612710" Categories: ●Hacking in the 2010s ●Hacking in the 2020s ●Russian advanced persistent threat groups Hidden categories: ●Articles with short description ●Short description is different from Wikidata ●This page was last edited on 13 May 2024, at 07:46 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view