Who is Gamaredon Group?

Gamaredon Group is a threat actor attributed to RU, also known as UNC4057, TA446, BlueAlpha. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Gamaredon Group exploit?

Gamaredon Group is known to exploit 2 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Gamaredon Group

Also known as: UNC4057, TA446, BlueAlpha, SEABORGIUM, TAG-53, Calisto, Cold River, BlueCharlie, IRON FRONTIER, Armageddon, Trident Ursa, DEV-0157, ACTINIUM, Aqua Blizzard, Callisto, IRON TILDEN, COLDRIVER, PRIMITIVE BEAR, Gamaredon, Shuckworm, Callisto Group, Actinium, Star Blizzard, Primitive Bear, GOSSAMER BEAR, Iron Tilden, Winterflounder, Blue Callisto, UAC-0010, Blue Otso, G0047, SectorC08, UNC530, Nahr el bared, Nahr Elbard, Cobalt Edgewater, Seaborgium, Grey Pro, Mythic Ursa, Gossamer Bear

RUInformation theft and espionage

Exploited CVEs

Overview

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. In the past, the Gamaredon Group has relied heavily on off-the-shelf tools. Our new research shows the Gamaredon Group have made a shift to custom-developed malware. We believe this shift indicates the Gamaredon Group have improved their technical capabilities.

Exploited Vulnerabilities

CVE ID	Action
CVE-2017-11774