Latvia's Defence Ministry Targeted  

Uploaded on 2023-02-03 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Latvia has been attacked online by a Russian hacking group called Gamaredon, sometimes known as 'Prinitive Bear', who have been delivering a phishing attack on Latvia’s Ministry of Defence (MoD). The cyber defence firm Sekoia report that Gamaredon sent spear-phishing emails to the Latvian MoD officials, pretending to be Ukrainian government officials.

The hackers used the domain name “admou[.]org,” which had previously been associated with the group in attacks meant to steal data and break into networks controlled by Ukraine and its allies. 

At least one recipients at the MoD uploaded the message and attachment to the VirusTotal service for research and scanning after becoming suspicious of it. They found that the email attachment contained malicious code that, when activated, started a series of procedures meant to aid hackers in stealing information from the intended targets within the Ministry of Defence. The MoD says that the Gamaredon group’s attempted phishing attack against it was unsuccessful.

Ukrainian cyber security officials described Gamaredon’s attacks as intrusive and audacious and said the group’s main purpose was “to conduct targeted cyber intelligence operations.”

Latvia’s Computer Emergency Readiness Team (CERT-LV) says that cyber attacks in the country have risen 30% since the start of the war in Ukraine, with the most serious threats posed by pro-Russian hacktivists targeting critical infrastructure, businesses, and Latvia's government. 

Gamaredon has been linked to Russia's FSB spy agency, along with another possible overlapping groups also known as Primitive Bear and has been busy attacking organisations outside of Russia for at least the last decade or so.  Gamaredon hackers tried to hack into a NATO nation’s oil refinery in 2022 using Word documents, it targeted Ukraine’s military and governmental institutions.

Latvia has supported Ukraine since the beginning of the war, providing weapons, humanitarian aid and shelter for Ukrainian refugees. Other Ukrainian allies, especially former Soviet Union members including Estonia and Lithuania, are also reporting an increase in cyber attacks. Norway’s foreign ministry and other institutions have been targeted, according to Norwegian intelligence sources.

Ukraine says that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information Security in Moscow. The group began operations in June 2013, just months before Russia forcibly annexed the Crimean Peninsula from Ukraine.

SSU Ukraine:     Sentinel One:     TEISS:     Sekoia:    The Record:   Guardian:   

You Might Also Read:

Lost Russian Cyber Spies Return:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransom Attack On Financial Services Software Supplier 
UK Cyber Week - London - 4 and 5 April 2023 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Bufferzone Security

Bufferzone Security

Bufferzone is a patented containment solution that defends endpoints against advanced malware and zero-day attacks while maximizing user and IT productivity.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

Ksmartech

Ksmartech

Ksmartech provide services related to security and authentication in all areas where the connection of people to objects, and objects and objects is necessary.

NetSecurity

NetSecurity

NetSecurity is a Brazilian company specializing in Information Security. We provide Managed Security Services (MSS), network security solutions and other specialist services.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Noblis

Noblis

Noblis is a dynamic science, technology, and strategy organization dedicated to creating forward-thinking technical and advisory solutions in the public interest.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

Smoothstack

Smoothstack

Smoothstack is a technology talent incubator whose immersive training program kick starts IT careers and delivers a fresh source of IT talent.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Flare Systems

Flare Systems

Flare proactively detects and remediates exposure across the clear & dark web, providing organizations with the equivalent of an automated cyber reconnaissance team.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Advanced IT

Advanced IT

Reliable managed IT Security & support services that will help you take your business operations to the next level without breaking the bank!

XY Cyber

XY Cyber

XY Cyber enable Generative AI for Cyber Operations. We simplify the complex world of cyber threats into actionable strategies, empowering your defense with AI-powered solutions.