Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine

    Date: 04/09/2025

    Severity: High 

    Summary

    Since our previous update in early February on the advanced persistent threat (APT) group Trident Ursa (also known as Gamaredon, UAC-0010, Primitive Bear, Shuckworm), Ukraine has continued to face escalating cyber threats from Russia. The Security Service of Ukraine attributes Trident Ursa to Russia’s Federal Security Service (FSB). Throughout the ongoing conflict, the group has acted as a persistent access facilitator and intelligence collector. Trident Ursa remains one of the most active, aggressive, and persistent APTs focused on targeting Ukraine.

    Indicators of Compromise (IOC) List

    Hash :

    b1bc659006938eb5912832eb8412c609d2d875c001ab411d1b69d343515291b7

    0b63f6e7621421de9968d46de243ef769a343b61597816615222387c45df80ae

    303abc6d8ab41cb00e3e7a2165ecc1e7fb4377ba46a9f4213a05f764567182e5

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash : 

    sha256hash IN ("303abc6d8ab41cb00e3e7a2165ecc1e7fb4377ba46a9f4213a05f764567182e5","0b63f6e7621421de9968d46de243ef769a343b61597816615222387c45df80ae","b1bc659006938eb5912832eb8412c609d2d875c001ab411d1b69d343515291b7")

    Reference:    

    https://unit42.paloaltonetworks.com/trident-ursa/


    Tags

    Primitive Bear, Shuckworm, Malware, Threat Actor, APT, Trident Ursa, Gamaredon, UAC-0010, Ukraine, Russia
