GamaCopy is a threat actor first discovered in June 2023, known for launching cyberattacks against Russia’s defense and critical infrastructure sectors by mimicking the TTPs of Gamaredon. The organization has been active since at least August 2021 and primarily uses Russian-language bait documents related to military facilities. Analysis of attack samples shows considerable overlap in code structure and tactics, including the use of 7z-SFX (self-extracting) archives to install UltraVNC and connections made over port 443. GamaCopy employs open-source tools to obfuscate its activities while targeting sensitive information in the context of the Russia-Ukraine conflict.
No exploited CVEs have been attributed to this threat actor yet.