
OldGremlin: A Stealthy Russian-Speaking Ransomware and Espionage Threat Group Evolving Into a Precision Striking APT

ID: 21e3e40f-22b3-5bd5-852b-46e7e5b0b716

STIX ID: report--21e3e40f-22b3-5bd5-852b-46e7e5b0b716

Feed Name: Brandefense Blog

Threat Score
85/100

Date Published: 2025-12-29

Date Updated: 2026-04-27

Author: BRANDEFENSE

...
...

OldGremlin is a Russian-speaking, financially motivated hybrid threat actor, active from 2020 through 2025, that combines APT-level reconnaissance and long dwell times with targeted ransomware double-extortion operations. The group uses spear-phishing in multiple languages, credential theft (RDP/VPN), custom backdoors (TinyNode, TinyShell), modular implants, multi-stage loaders, cloud-tunneled C2, and supply-chain impersonation to maximize impact across sectors including finance, logistics, manufacturing, retail, and healthcare.
