
A Look at Actinium/Gamaredon’s Infrastructure: More Artifacts Revealed





The nearly decade-old advanced persistent threat (APT) group Actinium/Gamaredon seems to have gained a new lease on life, having recently resurfaced to target several Ukrainian organizations. [1]

Using 151 domains identified as indicators of compromise (IoCs) by three cybersecurity firms—Microsoft Security [2], Palo Alto Networks [3], and Symantec [4]—as jump-off points, our deep dive allowed us to build detailed threat research materials that revealed:

  • The domain IoCs resolved to several unique IP addresses, one of which was dubbed “dangerous” by various malware engines.
  • Hundreds of domains either shared IP hosts or a registrant email address with the domain IoCs, 20% of which were found to be malicious.
  • Several of the newly discovered artifacts had various Secure Sockets Layer (SSL), WHOIS, and nameserver issues and misconfigurations that could render them vulnerable to compromise.

Download the threat research materials now to access the complete list of identified artifacts used to conduct additional enrichment and threat analysis as well as trend identification.

  • [1] https://www.darkreading.com/attacks-breaches/russian-apt-steps-up-malicious-activity-in-ukraine
  • [2] https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
  • [3] https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/#gamaredon-downloader-infrastructure
  • [4] https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine