Latvia's Defence Ministry Targeted  

Uploaded on 2023-02-03 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Latvia has been attacked online by a Russian hacking group called Gamaredon, sometimes known as 'Prinitive Bear', who have been delivering a phishing attack on Latvia’s Ministry of Defence (MoD). The cyber defence firm Sekoia report that Gamaredon sent spear-phishing emails to the Latvian MoD officials, pretending to be Ukrainian government officials.

The hackers used the domain name “admou[.]org,” which had previously been associated with the group in attacks meant to steal data and break into networks controlled by Ukraine and its allies. 

At least one recipients at the MoD uploaded the message and attachment to the VirusTotal service for research and scanning after becoming suspicious of it. They found that the email attachment contained malicious code that, when activated, started a series of procedures meant to aid hackers in stealing information from the intended targets within the Ministry of Defence. The MoD says that the Gamaredon group’s attempted phishing attack against it was unsuccessful.

Ukrainian cyber security officials described Gamaredon’s attacks as intrusive and audacious and said the group’s main purpose was “to conduct targeted cyber intelligence operations.”

Latvia’s Computer Emergency Readiness Team (CERT-LV) says that cyber attacks in the country have risen 30% since the start of the war in Ukraine, with the most serious threats posed by pro-Russian hacktivists targeting critical infrastructure, businesses, and Latvia's government. 

Gamaredon has been linked to Russia's FSB spy agency, along with another possible overlapping groups also known as Primitive Bear and has been busy attacking organisations outside of Russia for at least the last decade or so.  Gamaredon hackers tried to hack into a NATO nation’s oil refinery in 2022 using Word documents, it targeted Ukraine’s military and governmental institutions.

Latvia has supported Ukraine since the beginning of the war, providing weapons, humanitarian aid and shelter for Ukrainian refugees. Other Ukrainian allies, especially former Soviet Union members including Estonia and Lithuania, are also reporting an increase in cyber attacks. Norway’s foreign ministry and other institutions have been targeted, according to Norwegian intelligence sources.

Ukraine says that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information Security in Moscow. The group began operations in June 2013, just months before Russia forcibly annexed the Crimean Peninsula from Ukraine.

SSU Ukraine:     Sentinel One:     TEISS:     Sekoia:    The Record:   Guardian:   

You Might Also Read:

Lost Russian Cyber Spies Return:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransom Attack On Financial Services Software Supplier 
UK Cyber Week - London - 4 and 5 April 2023 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

European Defence Agency (EDA)

European Defence Agency (EDA)

EDAs mission is to improve European defence capabilities. Programme areas include Cyber Defence.

Digital Detective

Digital Detective

Digital Detective offer a range of products and services for digital forensic analysis and advanced data recovery.

Venable

Venable

Venable is an American Lawyer 100 law firm with nine offices across the USA, Practice areas include Cybersecurity.

Jumpsec

Jumpsec

Jumpsec provides penetration testing, security assessments, social engineering testing, cyber incident response, training and consultancy services.

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

UKAS

UKAS

UKAS is the national accreditation body for the UK. The directory of members provides details of organisations offering certification services for ISO 27001.

Global EPIC

Global EPIC

Global EPIC is an international cybersecurity initiative designed to combat growing world challenges by facilitating global collaboration in the field of cyber security.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Forta

Forta

Forta is a real-time detection network for security & operational monitoring of blockchain activity.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

ATHENE National Research Center For Applied Cybersecurity

ATHENE National Research Center For Applied Cybersecurity

ATHENE is the largest research center for cybersecurity and privacy in Europe, conducting application-oriented top-level research for the benefit of the economy, society and the state.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.

Leo CybSec

Leo CybSec

Leo CybSec unites a group of Cyber Security experts with 20+ years of collective expertise to help our clients realise and mitigate the cyber challenges and risks facing their business.