Jump to content

Gamaredon

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Autarch (talk | contribs) at 18:20, 10 May 2022 (Added Microsoft as origin of Actinium codename.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Gamaredon, also known as Primitive Bear and Actinium (by Microsoft) is a Russian advanced persistent threat that has been active since at least 2013.[1][2]

Motivation

Cyber espionage appears to be the main goal of the group,[1]; unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially Ukrainian organizations[3]) and appears to provide services for other APTs.[2] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted.[3]

Tactics

The group frequently uses spear phishing techniques with malicious code attachments that download remote templates containing malware.[1]

Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown.[1]

Ukraine

On 19 January 2022, they attempted to compromise a Western government entity in Ukraine.[1]

See also

References

  1. ^ a b c d e Kyle Alspach (4 February 2022). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat. Retrieved 9 May 2022.
  2. ^ a b Warren Mercer; Vitor Ventura (23 February 2021). "Gamaredon - When nation states don't pay all the bills". Cisco. Retrieved 9 May 2022.
  3. ^ a b Charlie Osborne (21 March 2022). "Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers". ZDNet. Retrieved 9 May 2022.