Report | severity: High | 2022-02-04
Microsoft details ACTINIUM (Gamaredon) operations against Ukrainian organizations
published by Microsoft
Actor
Russian state-sponsored intrusion set publicly attributed by the Security Service of Ukraine (SBU) to FSB officers based in Russian-occupied Crimea. The longest-running publicly-documented intrusion…
Summary
Microsoft Threat Intelligence Center (MSTIC) published a detailed report on ACTINIUM — Microsoft's tracking name at the time for Gamaredon, later renamed Aqua Blizzard. The report documented spear-phishing with malicious remote-template macro documents targeting Ukrainian government, military, judiciary, law enforcement, NGOs and humanitarian coordination bodies since October 2021, and described seven custom malware families including PowerPunch, Pterodo and QuietSieve.
Tags
espionage, ukraine, phishing, pterodo
Primary source
microsoft.com
Other Gamaredon events
- 2025-04-10: Shuckworm targets foreign military mission in Ukraine with updated GammaSteel
- 2023-06-15: Symantec details Shuckworm long-running intrusions in Ukrainian military and government
- 2022-09-15: Cisco Talos reports Gamaredon info-stealer campaign against Ukrainian government
- 2022-04-20: Five Eyes joint advisory AA22-110A names Primitive Bear (Gamaredon) among Russian threats to critical infrastructure
- 2021-11-04: SBU publicly attributes Gamaredon to FSB Center 18 and names five officers