Not Simon 🐐

2024

• December 05, 2024 – Recorded Future: BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure, 16 page PDF
• September 26, 2024 – ESET Research: Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023, 52 page PDF
• June 24, 2024 – European Union: COUNCIL DECISION (CFSP) 2024/1779 of 24 June 2024 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyberattacks threatening the Union or its Member States (PDF) (ATTRIBUTION and sanctions)
• February 01?, 2024: Securonix: Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor

2023

• November 17, 2023 – Check Point Research: Malware Spotlight – Into the Trash: Analyzing LitterDrifter
• August 28, 2023 – National Security and Defense Council of Ukraine (RNBO): Gamaredon Activity Amid Ukraine's Counteroffensive (PDF)
• July 13, 2023 – CERT-UA: Summary information on the activities of the UAC-0010 group as of July 2023
• July 24, 2023 – NKSC-LT (Lithuania): Report on Cyber Lessons Learned During the War in Ukraine (PDF)
• June 15, 2023 – Symantec: Shuckworm: Inside Russia's Relentless Cyber Campaign Against Ukraine
• March 20, 2023 – ThreatMon: Cybergun: Technical Analysis of the Armageddon's Infostealer (PDF, archive of broken link)
• March 17, 2023 – State Service of Special Communications and Information Protection of Ukraine (SSSCIP): Gamaredon carried out 74 cyberattacks against Ukraine in 2022
• March 13, 2023 – ThreatMon: Beyond Bullets and Bombs: An Examination of Armageddon Group's Cyber Warfare Against Ukraine (PDF, archive of broken link)
• January 24, 2023 – Trellix: Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
• January 23, 2023 – European Repository of Cyber Incidents: ADVANCED PERSISTENT THREAT profile Gamaredon (PDF)
• January 19, 2023 – BlackBerry: Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations
• January 09, 2023 – State Cyber Protection Centre of Ukraine (SCPC): ANOTHER UAC-0010 STORY (PDF)

2022

• December 20, 2022 – Unit 42: Russia's Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
• November 21, 2022 – BlackBerry: Gamaredon Leverages Microsoft Office Docs to Target Ukraine Government and Military
• November 08, 2022 – CERT-UA: Cyberattack by the UAC-0010 group: sending emails supposedly on behalf of the State Service for Special Communications (CERT-UA#5570) (Ukrainian language)
• September 15, 2022 – Cisco Talos: Gamaredon APT targets Ukrainian government agencies in new campaign
• August 15, 2022 – Symantec: Shuckworm: Russia-Linked Group Maintains Ukraine Focus
• August 10, 2022 – CERT-UA: Cyberattacks by the UAC-0010 (Armageddon) group: GammaLoad, GammaSteel malware (CERT-UA#5134) (Ukrainian language)
• July 26, 2022 – CERT-UA: Cyberattacks by the UAC-0010 (Armageddon) group using the GammaLoad.PS1_v2 malware (CERT-UA#5003,5013,5069,5071) (Ukrainian language)
• June 20, 2022 – Elastic: Playing defense against Gamaredon Group
• May 12, 2022 – CERT-UA: Cyberattacks by the UAC-0010 (Armageddon) group using the GammaLoad.PS1_v2 malware (CERT-UA#4634,4648) (Ukrainian language)
• May 12, 2022 – Cisco: Network Footprints of Gamaredon Group
• April 20, 2022 – Symantec: Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
• April 07, 2022 – CERT-UA: Cyberattack by the UAC-0010 (Armageddon) group on Ukrainian state organizations (CERT-UA#4434) (Ukrainian language)
• April 04, 2022 – CERT-UA:
  • Cyberattack by the UAC-0010 (Armageddon) group on Ukrainian state organizations (CERT-UA#4378) (Ukrainian language)
  • Cyberattack by the UAC-0010 (Armageddon) group on state institutions of the European Union countries (CERT-UA#4334) (Ukrainian language)
• February 04, 2022 – Microsoft: ACTINIUM targets Ukrainian organizations
• February 03, 2022 – Unit 42: Russia's Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine
• February 01, 2022 – CERT-UA: Cyberattack by the UAC-0010 (Armageddon) group on Ukrainian state organizations (CERT-UA#3787) (Ukrainian language)
• January 31, 2022 – Symantec: Shuckworm Continues Cyber-Espionage Attacks Against Ukraine

2021

• November 04, 2021 Security Service of Ukraine (SSU):
  • SSU identifies FSB hackers responsible for over 5,000 cyber attacks against Ukraine (video) (ATTRIBUTION)
  • Gamaredon/Armageddon Group: FSB RF cyber attacks against Ukraine (PDF)
• August 21, 2019 – Fortinet: The Gamaredon Group: A TTP Profile Analysis
• March 03, 2021 – CERT-UA: Renewed cyberattacks using the Pterodo missile defense system of the Armageddon/Gamaredon hacker group (Ukrainian language)
• February 23, 2021 – Cisco Talos: Gamaredon – When nation states don't pay all the bills
• January 27, 2021 – CERT-EE (Estonia): Gamaredon Infection: From Dropper to Entry

2020

• June 18, 2020 – ESET: Digging up InvisiMole's hidden arsenal, InvisiMole: The Hidden Part of the Story. Unearthing InvisiMole's Espionage Toolset and Strategic Cooperations (Whitepaper PDF, links InvisiMole to Gamaredon)
• June 11, 2020 – ESET: Gamaredon group grows its game
• April 17, 2020 – Trend Micro: Gamaredon APT Group Use Covid-19 Lure in Campaigns
• February 17, 2020 – Yoroi: Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign
• February 05, 2020 – SentinelOne: Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting

2019

• December 12, 2019 – Recorded Future: Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs, archive of missing PDF report
• December 05, 2019 – Anomali: Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine
• July 17, 2019 – Intezer: EvilGnome: Rare Malware Spying on Linux Desktop Users
• June 04, 2019 – Yoroi: The Russian Shadow in Eastern Europe: A Month Later
• April 30, 2019 – Threatbook: [Weibu Online Report] Gamaredon gang launches targeted attack on Ukrainian election (Chinese language)
• April 24, 2019 – Yoroi: The Russian Shadow in Eastern Europe: Ukraininan MOD Campaign

• January 07, 2019 – Vitali Kremez: Let's Learn: Deeper Dive into Gamaredon Group Pteranodon Implant Version '_512' (achieve of dead link)

• February 27, 2017 – Unit 42: The Gamaredon Group Toolset Evolution

2015

• April 28, 2015 – Lookingglass: Operation Armageddon: Cyber Espionage as a Strategic Component of Russian Modern Warfare (PDF, archive of a dead link)