G0047
G0047Gamaredon Group
Description
[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) comes from a misspelling of the word "Armageddon", which was detected in the adversary's early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022)
In November 2021, the Ukrainian government publicly attributed [Gamaredon Group](https://attack.mitre.org/groups/G0047) to Russia's Federal Security Service (FSB) Center 18.(Citation: Bleepingcomputer Gamardeon FSB November 2021)(Citation: Microsoft Actinium February 2022)
References
- https://attack.mitre.org/groups/G0047
- https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
- https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/
- https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/
- https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
- https://www.secureworks.com/research/threat-profiles/iron-tilden
- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine
- https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/
- https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/
Software attributed to this3
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Software | InvisiMoles0260 | 100% | live |
| Software | Pteranodons0147 | 100% | live |
| Software | QuietSieves0686 | 95% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.