Shuckworm

Threat Actor updated 6 months ago (2024-11-29T14:28:30.007Z)
Download STIX
Preview STIX
Shuckworm, also known as Gamaredon, Primitive Bear, ACTINIUM, and Armageddon, is a threat actor associated with the Russian government. Operational since 2013, it has been primarily targeting Ukrainian entities across multiple sectors, including government, defense, and critical infrastructure. In June 2023, the group intensified its cyber-attacks on Ukraine, demonstrating its adaptability and proficiency by repurposing Virtual Network Computing (VNC), a tool typically used for legitimate remote desktop sharing, for malicious activities. This enabled Shuckworm to maintain its presence on infiltrated systems and facilitate data exfiltration. Shuckworm's attacks are motivated by geopolitical, espionage, and disruption interests, indicating a broader pattern of state-sponsored cyber warfare. The group's campaigns exhibit distinct tactics, techniques, and procedures (TTPs) previously observed in cyber campaigns against the Ukrainian military. Notably, Shuckworm's adept use of VNC underscores its ability to manipulate standard tools for malicious ends, thereby increasing the potency and reach of its cyber-attacks. Despite initially focusing almost exclusively on Ukrainian targets, Shuckworm has broadened its cyber espionage efforts beyond Ukraine. This expansion signals a potential escalation in its activities and poses an increased threat to global cybersecurity. Given the group's history and capability, it's crucial for organizations to remain vigilant and reinforce their cyber defenses against such advanced persistent threats.
Description last updated: 2024-05-04T21:13:57.606Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Gamaredon is a possible alias for Shuckworm. Gamaredon, a Russia-aligned threat actor, has emerged as one of the most active Advanced Persistent Threat (APT) groups in Ukraine, particularly since Russia's 2022 invasion of the country. Composed of regular officers from the Russian Federal Security Service (FSB) and some former law enforcement o
3
Primitive Bear is a possible alias for Shuckworm. Primitive Bear, also known as Gamaredon, UAC-0010, and Shuckworm, is a threat actor associated with Russia that has been actively targeting Ukraine for over a decade. This group has primarily focused on organizations within government, defense, and critical infrastructure sectors. Since our update i
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ukraine
Espionage
Apt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Shuckworm Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Checkpoint
a month ago
Securityaffairs
a month ago
Securityaffairs
a month ago
DARKReading
a year ago
CERT-EU
2 years ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Checkpoint
a year ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago