By Warren Mercer and Vitor Ventura.
Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports throughout the years. It is extremely aggressive and is usually not associated with high-visibility campaigns, Cisco Talos sees it is incredibly active and we believe the group is on par with some of the most prolific crimeware gangs.
It has been considered an APT for a long time, however, its characteristics don't match the common definition of an APT. We should consider the possibility of this not being an APT at all, rather being a group that provides services for other APTs, while doing its own attacks on other regions/victimology.
Contradicting the usual APT method of operation, Gamedon does not have a focused victimology and insteads targets users all over the globe.
This group is targeting everyone, from banks in Africa to educational institutions in the U.S.
The actor is not as stealthy as other major APT actors, and instead acts more like a crimeware gang.