Dark Web Profile: Gamaredon APT

Threat Actors: Gamaredon APT (also known as Primitive Bear, Actinium, UAC-0010, Aqua Blizzard, Blue Otso, Shuckworm).

Campaign Overview: Russian state-sponsored APT group that has run cyberespionage campaigns against Ukraine and NATO-aligned nations since 2013.

Target Regions / Victims: Ukrainian government, military and critical infrastructure, as well as NATO-aligned nations (Poland, Bulgaria, Lithuania, Latvia).

Methodology:
– Spear-phishing emails carrying trojanized Word documents
– Weaponized USB drives
– Abuse of legitimate services for C2 communication

Product Targeted: Military intelligence, government communications, critical infrastructure.

Malware Reference: GammaLoad, GammaDrop, PteroLNK, Pterodo, GammaSteel, PteroPSDoor.

Tools Used:
– PteroDoc for weaponized documents
– Scheduled tasks for persistence
– Legitimate services (Telegram, Cloudflare DNS) for C2 communication

Vulnerabilities Exploited: Relies on user execution (social engineering) rather than on software vulnerabilities.

TTPs:
– Persistent spear-phishing
– Lateral movement via USB drives
– Scheduled tasks and registry modification for persistence

Attribution: Attributed to the Russian FSB, aligned with Moscow's geopolitical objectives.

Recommendations:
– Strengthen email and endpoint security
– Monitor USB device activity
– Patch regularly
– Leverage threat intelligence feeds

Source: SOCRadar

Read full article: https://socradar.io/dark-web-profile-gamaredon-apt/

The above summary has been generated by an AI language model

Published on: January 1, 2025