Gamaredon, also known as Primitive Bear, UNC530, ACTINIUM, or Aqua Blizzard[1] (by Microsoft) is a Russian advanced persistent threat that has been active since at least 2013.
Cyber espionage appears to be the main goal of the group,; unlike most APTs, Gamaredon broadly targets all users all over the globe (in addition to also focusing on certain victims, especially Ukrainian organizations) and appears to provide services for other APTs.[2] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted.[3]
The group frequently uses spear phishing techniques with malicious code attachments that download remote templates containing malware.
Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown.
See main article: 2022 Ukraine cyberattacks. On 19 January 2022, they attempted to compromise a Western government entity in Ukraine.[4]