A Warning From Ukraine About Russian Hackers
Ukraine's National Security and Defense Council has issued a warning that Russia is setting in motion a large-scale cyber attack as part of its renewed military offensive in the East of the country.
This week, Ukrainian CERT has released reports stating that the Russian hacker group Gamaredon, also known as UAC-0010, Primitive Bear, BlueAlpha, ACTINIUM, and Trident Ursa, is increasing its attacks. According to Ukrainian sources, the group is based in Sevastopol in Crimea and follows instructions from the Russian FSB spy agency.
Gamaredon Group is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organisations in Ukraine since at least 2013. The name Gamaredon Group comes from a misspelling of the word "Armageddon", which was detected in the adversary's early campaigns.
According to Doron Davidson, VP Global Services at Logpoint, “Gamaredon has carried out several cyberattacks against Ukraine since it originated in June 2013, a few months before Russia forcibly annexed the Crimean Peninsula... We’ve recently seen significant spikes in their activities and the group remains the most active, intrusive, and pervasive APT.”
The Ukraine State Service of Special Communication and Information Protection says that Gamaredon aims to steal information and use it for espionage using GammaLoad and GammaSteal spyware.
The malware is designed to attack all Windows, Linux, and Android operating systems. These malware variants are custom-made information-stealing implants that can exfiltrate files of specific extensions, steal user credentials, and take screenshots of the victim’s computer.
Logpoint’s investigation into GammaLoad and GammaSteal shows that the malware variants are delivered to target devices via spear-phishing emails from compromised government employees, including malicious HTML files, MS Office documents and phishing websites.
Logpoint says that, using the right tools, Gamaredon can be detected and, with the use of SOAR, the threat can be neutralized.