The Gamaredon group has been active since at least 2013.
The Gamaredon group's activity is a long-term cyber-espionage operation attributed to the Russian FSB, part of its long-term military and geopolitical confrontation with the Ukrainian government, especially the Ukrainian military forces.
Backdoor malware: Pterodo
The new Pterodo generates a unique command-and-control URL based on the hard disk serial number of the infected system. Data about the infected system is uploaded to this URL, allowing the attackers to analyze which tools are installed and run remotely.
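A hunting check for the behaviour described above, as an added example that is not part of the original page: it flags proxy-log requests whose URL contains the requesting host's own disk serial. The page does not say how the URL is derived from the serial, so the plain hex, dashed hex and decimal renderings are assumptions (a hashed or encoded derivation would not match), and the inventory and log layouts, host names and URLs are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample data: asset inventory (host -> volume serial) and proxy log.
INVENTORY = {"WS-014": "1A2B-3C4D", "WS-022": "9F00-11AA"}
PROXY_LOG = [
    ("WS-014", "http://c2.example.test/1a2b3c4d/index.php"),
    ("WS-022", "http://updates.example.test/check?id=2667581866"),
    ("WS-014", "http://intranet.example.test/report/9f0011aa"),  # another host's serial
    ("WS-022", "https://www.example.test/news"),
    ("WS-099", "http://c2.example.test/deadbeef/index.php"),     # host not in inventory
]

MIN_FORM_LEN = 6  # ignore very short renderings that would match by chance


def serial_forms(serial):
    """Return assumed textual renderings of a serial: hex, dashed hex, decimal."""
    hex_digits = re.sub(r"[^0-9A-Fa-f]", "", serial).lower()
    if not hex_digits:
        return set()
    forms = {hex_digits, str(int(hex_digits, 16))}
    if len(hex_digits) == 8:
        forms.add(hex_digits[:4] + "-" + hex_digits[4:])
    return {f for f in forms if len(f) >= MIN_FORM_LEN}


def flag_serial_urls(inventory, proxy_log):
    """Return (host, url, matched_form) for requests embedding the host's own serial."""
    hits = []
    for host, url in proxy_log:
        serial = inventory.get(host)
        if serial is None:
            continue  # no inventory record, nothing to correlate against
        parts = urlsplit(url)
        haystack = unquote(f"{parts.netloc}{parts.path}?{parts.query}").lower()
        for form in sorted(serial_forms(serial), key=len, reverse=True):
            if form in haystack:
                hits.append((host, url, form))
                break
    return hits


if __name__ == "__main__":
    for host, url, form in flag_serial_urls(INVENTORY, PROXY_LOG):
        print(f"{host}: URL embeds own disk serial ({form}): {url}")
```

Hosts missing from the inventory are skipped silently here; in practice they are worth listing separately, since they cannot be correlated.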
Espionage analysis
https://yoroi.company/research/cyberwarfare-a-deep-dive-into-the-latest-gamaredon-espionage-campaign/
https://malware.news/t/cyberwarfare-a-deep-dive-into-the-latest-gamaredon-espionage-campaign/37119

2015
https://www.securityweek.com/operation-armageddon-cyber-espionage-campaign-aimed-ukraine-lookingglass
https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf

2017 February 27th 2013 // Tool set evolution
https://unit42.paloaltonetworks.com/unit-42-title-gamaredon-group-toolset-evolution/
https://www.securityweek.com/gamaredon-group-uses-custom-malware-ukraine-attacks

2019 April 30, 2004 // Ukrainian general election, * * * family Pterodo
https://m.threatbook.cn/detail/1417
https://yoroi.company/research/cyberwarfare-a-deep-dive-into-the-latest-gamaredon-espionage-campaign/

2019 August 21st 2013 TTP
https://www.fortinet.com/blog/threat-research/gamaredon-group-ttp-profile-analysis.html