
Strong evidence has been found against the Gamaredon group operating in Ukraine


Last Updated on 05/02/2022 by Nidhi Khandelwal

During ongoing geopolitical tensions between the two countries, the Russia-linked Gamaredon hacking organization attempted to breach an undisclosed Western government entity operating in Ukraine last month.


In a fresh report released on February 3, Palo Alto Networks’ Unit 42 threat intelligence team stated that the phishing attack occurred on January 19, and that it “mapped out three big clusters of their infrastructure utilized to support distinct phishing and malware purposes.”

Since 2013, the threat actor, also known as Shuckworm, Armageddon, or Primitive Bear, has targeted Ukrainian government leaders and organizations with aggressive cyber attacks. Last year, Ukraine revealed the collective’s ties to Russia’s Federal Security Service (FSB).

To carry out the phishing assault, the campaign’s operators used a local job search and employment platform as a conduit to upload their malware downloader in the guise of a resume for an active job listing relevant to the targeted company.

“Given the stages and precision delivery involved in this campaign,” the researchers concluded, “it appears that this may have been a planned, purposeful endeavor by Gamaredon to compromise this Western government institution.”


Additionally, on December 1, 2021, Unit 42 discovered evidence of a Gamaredon campaign targeting Ukraine’s State Migration Service (SMS), which used a Word document as a lure to install the open-source UltraVNC virtual network computing (VNC) software for remote access to compromised PCs.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.