Gamaredon
High ConfidenceHigh ThreatPrimitive Bear • Shuckworm • Actinium • Aqua Blizzard • Armageddon • UAC-0010
Gamaredon, also known as Primitive Bear or Armageddon, is a Russian threat actor attributed to the Federal Security Service (FSB) of the Russian Federation. Active since at least 2013, the group has conducted persistent campaigns against Ukrainian government, military, law enforcement, and NGO targets. Gamaredon is characterized by high-volume, low-sophistication operations using custom VBS and PowerShell scripts. Despite their relatively simple tools, the group's persistence and continuous evolution make them a significant threat to Ukrainian national security.
Gamaredon, also known as Primitive Bear or Armageddon, is a Russian threat actor attributed to the Federal Security Service (FSB) of the Russian Federation. Active since at least 2013, the group has conducted persistent campaigns against Ukrainian government, military, law enforcement, and NGO targets. Gamaredon is characterized by high-volume, low-sophistication operations using custom VBS and PowerShell scripts. Despite their relatively simple tools, the group's persistence and continuous evolution make them a significant threat to Ukrainian national security.
Target Sectors
Target Regions
Attributed to FSB (Federal Security Service) (Russia). Attribution confidence: High.
Future Outlook
Gamaredon is expected to continue operations targeting Government sectors.
First observed activity of Gamaredon
Continued active operations