Gamaredon Group
Essential information
- Confidence: 100/100
- Published: 16/12/2025 19:39
- Modified: 04/05/2026 16:33
- Updated at: 04/05/2026 16:33
- Revoked: No
- Author / Source: The MITRE Corporation
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 94 attack patterns (mitre), 6 malware, 1 country, 100 indicators, 3 tools
Aliases
IRON TILDEN, Primitive Bear, Armageddon, DEV-0157, Aqua Blizzard, ACTINIUM, Shuckworm
Description
[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage group that has targeted military, law enforcement, judiciary, non-profit, and non-governmental organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) derives from a misspelling of the word "Armageddon," found in early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022)
In November 2021, the Ukrainian government publicly attributed [Gamaredon Group](https://attack.mitre.org/groups/G0047) to Russia’s Federal Security Service (FSB) Center 18, an assessment later supported by multiple independent cybersecurity researchers. (Citation: Bleepingcomputer Gamardeon FSB November 2021)(Citation: Microsoft Actinium February 2022)
Marking (TLP)
- TLP:CLEAR
- Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
- mitre-attack (G0047)
- TrendMicro Gamaredon April 2020
- Secureworks IRON TILDEN Profile
- Cloudflare 2026 Threat Report New Threat Actors March 2026
- Microsoft Threat Actor Naming July 2023
- Bleepingcomputer Gamardeon FSB November 2021
- Symantec Shuckworm January 2022
- ESET Gamaredon June 2020
- Palo Alto Gamaredon Feb 2017
- Unit 42 Gamaredon February 2022
- Microsoft Actinium February 2022