Gamaredon, also known as Primitive Bear, UNC530, ACTINIUM, or Aqua Blizzard[1] (by Microsoft) is a Russian advanced persistent threat that has been active since at least 2013.[2][3]
Cyber espionage appears to be the main goal of the group,[2]; unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially Ukrainian organizations[4]) and appears to provide services for other APTs.[3] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted.[4]
Tacticsedit
The group frequently uses spear phishing techniques with malicious code attachments that download remote templates containing malware.[2]
Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown.[2]
^"How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
^ abcdeKyle Alspach (4 February 2022). "Microsoft discloses new details on Russian hacker group Gamaredon". VentureBeat. Retrieved 9 May 2022.
^ abWarren Mercer; Vitor Ventura (23 February 2021). "Gamaredon - When nation states don't pay all the bills". Cisco. Retrieved 9 May 2022.
^ abCharlie Osborne (21 March 2022). "Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers". ZDNet. Retrieved 9 May 2022.
April 12, 2024
gamaredon, also, known, primitive, bear, unc530, actinium, aqua, blizzard, microsoft, russian, advanced, persistent, threat, that, been, active, since, least, 2013, contents, motivation, tactics, ukraine, also, referencesmotivation, editcyber, espionage, appea. Gamaredon also known as Primitive Bear UNC530 ACTINIUM or Aqua Blizzard 1 by Microsoft is a Russian advanced persistent threat that has been active since at least 2013 2 3 Contents 1 Motivation 2 Tactics 3 Ukraine 4 See also 5 ReferencesMotivation editCyber espionage appears to be the main goal of the group 2 unlike most APTs Gamaredon broadly targets all users all over the globe in addition to also focusing on certain victims especially Ukrainian organizations 4 and appears to provide services for other APTs 3 For example the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted 4 Tactics editThe group frequently uses spear phishing techniques with malicious code attachments that download remote templates containing malware 2 Malware used by the group includes Pterodo PowerPunch ObfuMerry ObfuBerry DilongTrash DinoTrain and DesertDown 2 Ukraine editMain article 2022 Ukraine cyberattacks On 19 January 2022 they attempted to compromise a Western government entity in Ukraine 2 See also editCyberwarfare by Russia Russian Ukrainian cyberwarfareReferences edit How Microsoft names threat actors Microsoft Retrieved 21 January 2024 a b c d e Kyle Alspach 4 February 2022 Microsoft discloses new details on Russian hacker group Gamaredon VentureBeat Retrieved 9 May 2022 a b Warren Mercer Vitor Ventura 23 February 2021 Gamaredon When nation states don t pay all the bills Cisco Retrieved 9 May 2022 a b Charlie Osborne 21 March 2022 Ukraine warns of InvisiMole attacks tied to state sponsored Russian hackers ZDNet Retrieved 9 May 2022 Retrieved from https en wikipedia org w index php title Gamaredon amp oldid 1197571915, wikipedia, wiki, book, books, library,
