Shuckworm

Threat Actor Profile Updated 3 months ago
Shuckworm, also known as Gamaredon, Primitive Bear, ACTINIUM, and Armageddon, is a threat actor associated with the Russian government. Operational since 2013, it has been primarily targeting Ukrainian entities across multiple sectors, including government, defense, and critical infrastructure. In June 2023, the group intensified its cyber-attacks on Ukraine, demonstrating its adaptability and proficiency by repurposing Virtual Network Computing (VNC), a tool typically used for legitimate remote desktop sharing, for malicious activities. This enabled Shuckworm to maintain its presence on infiltrated systems and facilitate data exfiltration. Shuckworm's attacks are motivated by geopolitical, espionage, and disruption interests, indicating a broader pattern of state-sponsored cyber warfare. The group's campaigns exhibit distinct tactics, techniques, and procedures (TTPs) previously observed in cyber campaigns against the Ukrainian military. Notably, Shuckworm's adept use of VNC underscores its ability to manipulate standard tools for malicious ends, thereby increasing the potency and reach of its cyber-attacks. Despite initially focusing almost exclusively on Ukrainian targets, Shuckworm has broadened its cyber espionage efforts beyond Ukraine. This expansion signals a potential escalation in its activities and poses an increased threat to global cybersecurity. Given the group's history and capability, it's crucial for organizations to remain vigilant and reinforce their cyber defenses against such advanced persistent threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Gamaredon | 2 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E
Armageddon | 1 | Armageddon, also known as the Gamaredon Group, is a threat actor that has been operational since around 2013 or 2014. This group comprises regular officers of the Russian Federal Security Service (FSB) and some former law enforcement officers from Ukraine. Armageddon has been particularly active in
Primitive Bear | 1 | Primitive Bear, also known as Gamaredon, UAC-0010, and Shuckworm, is a threat actor associated with Russia that has been actively targeting Ukraine for over a decade. This group has primarily focused on organizations within government, defense, and critical infrastructure sectors. Since our update i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Espionage
Ukraine
Blackberry
Apt
VNC
Malware
Symantec
Russia
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Tilden | Unspecified | 1 | None
Source Document References
Information about the Shuckworm Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
DARKReading | 6 months ago | Ukraine Military Targeted With Russian APT PowerShell Attack
CERT-EU | 10 months ago | Q3 2023 Analytic Co-Pilot Use Cases
CERT-EU | 8 months ago | Russian hackers unleash new USB-based cyber threat LitterDrifter
CERT-EU | 8 months ago | Russian USB malware spreads worldwide, beyond its Ukraine targets
CERT-EU | 8 months ago | Russian state hackers unleash USB worm with global reach
CERT-EU | 8 months ago | Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
CERT-EU | 8 months ago | Russian cyberspies target Ukraine with new USB worm
CERT-EU | 8 months ago | Attacks by Russian intelligence revealed, using a worm that hides in USB -
Checkpoint | 8 months ago | Malware Spotlight - Into the Trash: Analyzing LitterDrifter - Check Point Research
CERT-EU | 10 months ago | Security Spotlight: Monitoring Virtual Network Computing
CERT-EU | 10 months ago | Hackers Are Dropping USB Drives at Watering Holes | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 10 months ago | Hacker Group Infrastructure That Uses Weaponized MS Word Docs Uncovered
CERT-EU | a year ago | Cyber Attacks by Non-State Actors Continue Astride in Europe
CERT-EU | a year ago | Russia-linked Gamaredon APT infected thousands of government computers in Ukraine
CERT-EU | a year ago | RomCom Group Targets Ukraine Supporters Ahead of NATO Summit
CERT-EU | a year ago | A Decade of ‘Bad Magic’ In Cyber Espionage
CERT-EU | a year ago | Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine – Cyber Security Review
CERT-EU | a year ago | Pro-Russian hackers remain active amid Ukraine counteroffensive
InfoSecurity-magazine | a year ago | Russia-affiliated Shuckworm Intensifies Cyber-Attacks on Ukraine
CERT-EU | a year ago | Flaw in Microsoft Process Explorer under active attack