# Gamaredon

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Gamaredon
> Markdown URL: https://mediated.wiki/source/Gamaredon.md
> Source: https://en.wikipedia.org/wiki/Gamaredon
> Source revision: 1345628511
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Russian advanced persistent threat

**Gamaredon**, also known as **Primitive Bear**, **UNC530**, **ACTINIUM**, or **Aqua Blizzard**[1] (by Microsoft), is a Russian [advanced persistent threat](/source/Advanced_persistent_threat) that has been active since at least 2013.[2][3]

## Motivation

Cyber espionage appears to be the main goal of the group.[2] Unlike most APTs, Gamaredon broadly targets users all over the globe (while also focusing on certain victims, especially Ukrainian organizations[4]) and appears to provide services for other APTs.[3] For example, the InvisiMole threat group has attacked select systems that Gamaredon had earlier compromised and fingerprinted.[4]

## Tactics

The group frequently uses [spear phishing](/source/Spear_phishing) techniques with malicious code attachments that download remote templates containing malware.[2]

Malware used by the group includes Pterodo, PowerPunch, ObfuMerry, ObfuBerry, DilongTrash, DinoTrain, and DesertDown.[2]

## Ukraine

Main article: [2022 Ukraine cyberattacks](/source/2022_Ukraine_cyberattacks)

On 19 January 2022, the group attempted to compromise a Western government entity in Ukraine.[2]

## See also

- [Cyberwarfare by Russia](/source/Cyberwarfare_by_Russia)

- [Russo-Ukrainian cyberwarfare](/source/Russo-Ukrainian_cyberwarfare)

## References

1. ["How Microsoft names threat actors"](https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming). Microsoft. Retrieved 21 January 2024.

2. Kyle Alspach (4 February 2022). ["Microsoft discloses new details on Russian hacker group Gamaredon"](https://venturebeat.com/2022/02/04/microsoft-discloses-new-details-on-russian-hacker-group-gamaredon/). *[VentureBeat](/source/VentureBeat)*. Retrieved 9 May 2022.

3. Warren Mercer; Vitor Ventura (23 February 2021). ["Gamaredon - When nation states don't pay all the bills"](https://blog.talosintelligence.com/2021/02/gamaredonactivities.html). *Cisco*. Retrieved 9 May 2022.

4. Charlie Osborne (21 March 2022). ["Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers"](https://www.zdnet.com/article/ukraine-warns-of-invisimole-attacks-tied-to-state-sponsored-russian-hackers/). *[ZDNet](/source/ZDNet)*. Retrieved 9 May 2022.

---
Adapted from the Wikipedia article [Gamaredon](https://en.wikipedia.org/wiki/Gamaredon) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Gamaredon?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
