Gamaredon (FSB-linked, Primitive Bear / Shuckworm) has advanced its malware delivery and infrastructure obfuscation capabilities as of June 2026, specifically to defeat existing signature-based detections and network-level IOC blocking. No specific software vulnerability or CVE applies; this is a threat actor tradecraft evolution advisory. Detection emphasis must shift from IOC-based to behavioral and anomaly-based methods. Ukrainian government, military, critical infrastructure, and NATO-adjacent organizations face elevated risk of undetected intrusion during this upgrade cycle.