RU · G0047

Gamaredon Group

Also known as: ACTINIUM · DEV-0157 · Blue Otso · BlueAlpha · G0047 · IRON TILDEN · PRIMITIVE BEAR · Shuckworm · Trident Ursa · UAC-0010 · Winterflounder · Aqua Blizzard · Actinium · Gamaredon Group

Origin: RU
Known aliases: 14
Target sectors: 1

Profile

Unit 42 threat researchers have recently observed a threat group distributing new, custom-developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.

Aliases · 14

ACTINIUM · DEV-0157 · Blue Otso · BlueAlpha · IRON TILDEN · PRIMITIVE BEAR · Shuckworm · Trident Ursa · UAC-0010 · Winterflounder · Aqua Blizzard · Actinium · Gamaredon Group · G0047

Target sectors · 1

Government

Known victims · 2

  • Ukraine
  • Germany

MITRE ATT&CK Group crosswalk

G0047

References

  1. http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution
  2. https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf
  3. https://unit42.paloaltonetworks.com/unit-42-title-gamaredon-group-toolset-evolution
  4. https://attack.mitre.org/groups/G0047
  5. https://github.com/StrangerealIntel/CyberThreatIntel/tree/master/Russia/APT/Gamaredon
  6. https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf
  7. https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal
  8. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • Actor: APT29
  • Actor: APT41
  • Actor: Iron Group
  • Actor: DarkGaboon
  • Actor: The Gorgon Group
  • Group: TA551

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.