Gamaredon Group

MITRE ATT&CK G0047 · Russia

Also known as: IRON TILDEN · Primitive Bear · ACTINIUM · Armageddon · Shuckworm · DEV-0157 · Aqua Blizzard · NastyShrew

Overview

Gamaredon Group is a suspected Russian cyber espionage group that has targeted military, law enforcement, judiciary, non-profit, and non-governmental organizations in Ukraine since at least 2013. The name Gamaredon Group derives from a misspelling of the word "Armageddon," found in early campaigns. In November 2021, the Ukrainian government publicly attributed Gamaredon Group to Russia’s Federal Security Service (FSB) Center 18, an assessment later supported by multiple independent cybersecurity researchers.

Targets

Government

Regions

Germany · Ukraine

Capabilities

  • Destructive / data-wiping operations — ATT&CK T1561.001
  • Custom malware/implant development — ATT&CK: 3 attributed custom malware families

TTPs — 70 techniques across 12 tactics

Resource Development

Initial Access

Execution

Defense Impairment

Impact

Tools & malware (6)

QuietSieve · Pteranodon · Remcos · Ping · Reg · PowerPunch

Reporting (3)