Who is Gamaredon Group?

Gamaredon Group is a threat actor attributed to RU, also known as Trident Ursa, Winterflounder, IRON TILDEN. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Gamaredon Group exploit?

Specific CVE exploitation data for Gamaredon Group is being tracked. Check the Strobes VI threat actor profile for updates.

Gamaredon Group

Also known as: Trident Ursa, Winterflounder, IRON TILDEN, PRIMITIVE BEAR, G0047, DEV-0157, BlueAlpha, Actinium, Shuckworm, Aqua Blizzard, UAC-0010, ACTINIUM, Blue Otso

Exploited CVEs

Overview

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database

Quick Actions

Gamaredon Group

Ready for Agentic Automated Testing?

Gamaredon Group