Cyber Resilience

Threat actor · all actors

Gamaredon GroupG0047 state

🇷🇺 RU

aka Gamaredon Group, IRON TILDEN, Primitive Bear, ACTINIUM, Armageddon, Shuckworm, DEV-0157, Aqua Blizzard, NastyShrew, Blue Otso, BlueAlpha, G0047, Trident Ursa, UAC-0010, Winterflounder

Last updated: 2026-07-03

1attributed CVEs
91ATT&CK techniques
2.7IDF score (tooling uniqueness)
0exclusive CVEs
2026years active

About this actor

[Gamaredon Group](https://attack.mitre.org/groups/G0047) is a suspected Russian cyber espionage group that has targeted military, law enforcement, judiciary, non-profit, and non-governmental organizations in Ukraine since at least 2013. The name [Gamaredon Group](https://attack.mitre.org/groups/G0047) derives from a misspelling of the word "Armageddon," found in early campaigns.(Citation: Palo Alto Gamaredon Feb 2017)(Citation: TrendMicro Gamaredon April 2020)(Citation: ESET Gamaredon June 2020)(Citation: Symantec Shuckworm January 2022)(Citation: Microsoft Actinium February 2022) In November 2021, the Ukrainian government publicly attributed [Gamaredon Group](https://attack.mitre.org/groups/G0047) to Russia’s Federal Security Service (FSB) Center 18, an assessment later supported by multiple independent cybersecurity researchers. (Citation: Bleepingcomputer Gamardeon FSB November 2021)(Citation: Microsoft Actinium February 2022)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-22813 3.56.10.00912026-01-12see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-450 / 9155%
SI-346 / 9151%
CM-243 / 9147%
CM-641 / 9145%
CM-732 / 9135%
AC-330 / 9133%
CA-729 / 9132%
AC-628 / 9131%
SC-725 / 9127%
SI-724 / 9126%
AC-422 / 9124%
AC-220 / 9122%
SI-1019 / 9121%
RA-515 / 9116%
SI-214 / 9115%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs