Gamaredon targeted a foreign military mission in Ukraine with updated GammaSteel malware on Feb 26, 2025, per Symantec. Symantec Threat Hunter researchers reported that the Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) targeted a foreign military mission based in Ukraine with an updated version of the GamaSteel infostealer. Shuckworm is known for targeting government, […]
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related […]
New threat actor GamaCopy mimics Russia-linked Gamaredon APT in attacks on Russian-speaking targets. The Knownsec 404 Advanced Threat Intelligence team recently analyzed attacks on Russian-speaking targets using military-themed bait, 7z SFX for payloads, and UltraVNC, mimicking Gamaredon’s TTPs. The researchers linked the activity to the APT Core Werewolf (aka Awaken Likho, PseudoGamaredon), it mimics Gamaredon […]
Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB. Check Point researchers observed Russia-linked Gamaredon spreading the worm called LitterDrifter via USB in attacks against Ukraine. Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) has been active since 2014 and its activity focuses on Ukraine, the group was observed using the multistage backdoor Pteranodon/Pterodo. The Gamaredon APT group continues to carry out […]
Ukraine’s Computer Emergency Response Team (CERT-UA) states that Russia-linked APT Gamaredon starts stealing data 30 minutes after the initial compromise. Ukraine’s Computer Emergency Response Team (CERT-UA) is warning that the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) use to steal data from victims’ networks in less than an hour after the initial compromise. Gamaredon has […]
Russia-linked threat actor Gamaredon employed new spyware in cyber attacks aimed at public authorities and critical information infrastructure in Ukraine. The State Cyber Protection Centre (SCPC) of Ukraine warns of a new wave of targeted attacks conducted by the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa). The attacks aimed at public authorities and critical information […]
Russia-linked Gamaredon APT targets employees of the Ukrainian government, defense, and law enforcement agencies with a custom information-stealing malware. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) is targeting employees of the Ukrainian government, defense, and law enforcement agencies with a piece of a custom-made information stealer implant. The malicious code was designed to […]
Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign. Symantec and TrendMicro first discovered the Gamaredon […]
Russia-linked threat actor Gamaredon targets Ukraine with new variants of the custom Pterodo backdoor. Russia-linked Gamaredon APT group (a.k.a. Armageddon, Primitive Bear, and ACTINIUM) continues to target Ukraine and it is using new variants of the custom Pterodo backdoor (aka Pteranodon). The cyberespionage group is behind a recent series of spear-phishing attacks targeting Ukrainian entities and organizations related to Ukrainian […]
Ukraine’s premier law enforcement and counterintelligence revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. Ukraine’s premier law enforcement and counterintelligence disclosed the real identities of five alleged members of the Russia-linked APT group Gamaredon (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) that are suspected to be components of the […]