The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.

June 25, 2026

A Russian cyber espionage group has improved a variety of its tactics, techniques, and procedures (TTPs), helping it become a more effective belligerent in the Ukraine war and beyond. Enterprises should implement fresh strategies to be effective against this adversary, which has reaped dividends from the upgrade in the form of larger and more successful cyberattacks.

Organizations often grow stale and outmoded over time, but the Gamaredon group (aka Aqua Blizzard, Armageddon, BlueAlpha) is fighting back against old age. It's been around since at least 2013 — a lifetime in hacker years — and it's still one of the Russian government's most active and evolving threat actors.

In a report this week, ESET tracks 35 separate Gamaredon spear-phishing campaigns against Ukraine carried out last year. In that time, the APT developed half a dozen new downloaders and adopted a variety of tactics aimed at concealing its command-and-control (C2) infrastructure.