APT / THREAT GROUP

Gamaredon Group

🇷🇺 Russia-attributed
14 aliases
Last seen: May 20, 2026

Intelligence Profile

Unit 42 threat researchers have recently observed a threat group distributing new, custom-developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group has made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group has improved its technical capabilities.

Threat Analysis

Gamaredon Group is a threat actor attributed to Russia and engaged in cyber operations. This profile records its primary motivation as unknown.

Quick Facts

Type: APT / Threat Group
Origin: 🇷🇺 Russia
Aliases: 14
Source: Malpedia

Also Known As

Blue Otso, PRIMITIVE BEAR, Actinium, G0047, Shuckworm, Winterflounder, Gamaredon Group, IRON TILDEN, DEV-0157, BlueAlpha, Trident Ursa, Aqua Blizzard, ACTINIUM, UAC-0010

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.