Russian Hackers Have New Tools

New analysis from Check Point Research focuses on Gamaredon, a powerful Russian APT group that stands out for its large-scale espionage and sabotage attacks on organisations in Ukraine. The analysis traces the group's evolving tactics, which show flexibility in targeting critical infrastructure.

Also known as Primitive Bear, ACTINIUM and Shuckworm, Gamaredon is a prominent player in Russian cyber espionage, with a unique focus on Ukraine.

While many Russian cyber espionage groups operate in the shadows, Gamaredon is conspicuous in its large-scale campaigns, leaving a trail of destruction for Check Point's cyber security researchers to examine.

Gamaredon has recently deployed LitterDrifter, a worm written in VBScript that is designed to spread through USB drives. This latest tool has two functions, and indications of infections in countries far beyond its original targets in Ukraine reveal its potential for global impact.

Its primary objectives are automatic spreading over USB drives and establishing communication with a flexible set of command-and-control servers. This strategic design aligns with Gamaredon’s overarching goals, allowing the group to maintain persistent access to its targets.

USB Worm’s Global Reach

While Gamaredon primarily targets Ukrainian entities, the nature of the LitterDrifter worm introduces a global element to its operations. Indications of possible infections have been observed in countries such as the USA, Vietnam, Chile, Poland, Germany, and even Hong Kong.

This suggests that, like other USB worms, LitterDrifter may have spread beyond its originally intended targets, posing a broader threat to cyber security worldwide.

Gamaredon’s Affiliations

Gamaredon distinguishes itself by targeting a wide array of Ukrainian entities, showcasing a relentless commitment to its espionage goals. The Security Service of Ukraine (SSU), the Ukrainian law enforcement authority and main intelligence and security agency for counter-intelligence and combating organised crime, has identified Gamaredon personnel as officers of the Russian Federal Security Service (FSB).

The FSB is the Russian internal security and counter-intelligence service responsible for counter-intelligence, anti-terrorism, and surveillance of the military, adding a geopolitical dimension to the group’s activities.

C2 Infrastructure

Gamaredon’s command-and-control infrastructure is extremely flexible and volatile. Despite these dynamic characteristics, the infrastructure still follows previously reported patterns, indicating a degree of consistency in Gamaredon’s approach.

LitterDrifter does not rely on groundbreaking techniques and may appear to be a relatively unsophisticated piece of malware. However, Check Point say this apparent simplicity is in line with its goals, mirroring Gamaredon’s overall approach. This approach has proved considerably effective, as evidenced by the group’s sustained activities in Ukraine.

Conclusion

As cyber security experts continue to unravel the complexities of state-sponsored cyber espionage, Gamaredon remains a focal point of scrutiny.

The LitterDrifter worm serves as a testament to the group’s adaptability and innovation, showcasing the constant evolution of cyber threats. Understanding and dissecting such malware is crucial in fortifying global cyber security defenses against increasingly sophisticated adversaries.

Image: Mikhail Arefiev
