APT / THREAT GROUP
Gamaredon Group
🇷🇺 Russia-attributed
14 aliases
Last seen: May 20, 2026
Intelligence Profile
Unit 42 threat researchers have recently observed a threat group distributing new, custom-developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group has made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group has improved its technical capabilities.
Threat Analysis
Gamaredon Group is a threat actor attributed to Russia that engages in cyber operations. Its primary motivation is listed as unknown.
Quick Facts
Type: APT / Threat Group
Origin: 🇷🇺 Russia
Aliases: 14
Source: Malpedia
Also Known As
Blue Otso, PRIMITIVE BEAR, Actinium, G0047, Shuckworm, Winterflounder, Gamaredon Group, IRON TILDEN, DEV-0157, BlueAlpha, Trident Ursa, Aqua Blizzard, ACTINIUM, UAC-0010
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.