Last Updated on 05/02/2022 by Nidhi Khandelwal
Amid ongoing geopolitical tensions between Russia and Ukraine, the Russia-linked Gamaredon hacking group attempted to breach an undisclosed Western government entity operating in Ukraine last month.
In a fresh report released on February 3, Palo Alto Networks’ Unit 42 threat intelligence team stated that the phishing attack occurred on January 19, and that it “mapped out three big clusters of their infrastructure utilized to support distinct phishing and malware purposes.”
Since 2013, the threat actor, also known as Shuckworm, Armageddon, or Primitive Bear, has targeted Ukrainian government leaders and organizations with aggressive cyber attacks. Last year, Ukraine revealed the collective’s ties to Russia’s Federal Security Service (FSB).
To carry out the phishing assault, the campaign’s operators used a local job search and employment platform as a conduit to upload their malware downloader in the guise of a resume for an active job listing relevant to the targeted company.
“Given the stages and precision delivery involved in this campaign,” the researchers concluded, “it appears that this may have been a planned, purposeful endeavor by Gamaredon to compromise this Western government institution.”
Additionally, on December 1, 2021, Unit 42 discovered evidence of a Gamaredon campaign targeting Ukraine’s State Migration Service (SMS), which used a Word document as a lure to install the open-source UltraVNC virtual network computing (VNC) software for remote access to compromised PCs.