Highly Active 'Gamaredon' Group Provides Services to Other APTs
2021-02-23 15:13

New evidence suggests that the Russia-linked threat actor Gamaredon is a hack-for-hire group that offers its services to other advanced persistent threat actors, similar to crimeware gangs, according to security researchers with Cisco's Talos division.

The group operates an infrastructure of more than 600 active domains that serve as command and control for the first stage, which deploys the second-stage payloads and updates both stages when needed.

One of the most active and undeterred actors, Gamaredon doesn't show the same fluency and techniques that more advanced operations employ, but there's also no indication that the group profits from the information stolen from victims.

According to Cisco's researchers, the group's modus operandi resembles that of second-tier APTs that pass critical information to top-tier units, operating as a service provider for more advanced APTs.

Thus, the researchers consider Gamaredon a second-tier APT, which provides breach services to tier-one actors, in a manner similar to what happens in the cybercrime scene.

"We believe that challenging the status quo on Gamaredon and others that could fit the previous definition, is beneficial as a whole. It will help organizations better understand the threats that they must focus their resources on. The fact remains Gamaredon remains a notoriously prolific group operating without any constraints on a globally impacting level," Talos concludes.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/CVUZIjjlVd4/highly-active-gamaredon-group-provides-services-other-apts