Russian Hackers Have New Tools

Uploaded on 2023-11-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

New analysis form CheckPoint Research focuses on Gamaredon, a powerful Russian APT group that stands out for its large-scale espionage & sabotage attack on organisations in Ukraine, demonstrating the group’s evolving tactics which demonstrate flexibility in targeting critical infrastructure.

Also known as Primitive Bear, ACTINIUM and Shuckworm, Gamaredon is prominent player in Russian cyber espionage, with a unique focus on Ukraine.

While many Russian cyber espionage groups operate in the shadows, Gamaredon is conspicuous in its large-scale campaigns, leaving a trail of destruction for Check Point's cyber security researchers to examine.

Gamaredon has recently deployed LitterDrifter is a VBS-written worm designed to spread through USB drives and their latest tool has dual functionalities, which reveal its potential for a global impact with potential infections in countries, far beyond its original targets in Ukraine.

Its primary objectives are automatic spreading over USB drives and establishing communication with a flexible set of command-and-control servers. This strategic design aligns with Gamaredon’s overarching goals, allowing the group to maintain persistent access to its targets.

USB Worm’s Global Reach

While Gamaredon primarily targets Ukrainian entities, the nature of the LitterDrifter worm introduces a global element to its operations. Indications of possible infections have been observed in countries such as the USA, Vietnam, Chile, Poland, Germany, and even Hong Kong.

This suggests that, like other USB worms, LitterDrifter may have spread beyond its originally intended targets, posing a broader threat to cyber security worldwide.

Gamaredon’s Affiliations

Gamaredon distinguishes itself by targeting a wide array of Ukrainian entities, showcasing a relentless commitment to its espionage goals. The Security Service of Ukraine (SSU), the Ukrainian law enforcement authority and main intelligence and security agency in the areas of counter-intelligence activity and combating organised crime has identified Gamaredon personnel as officers from the Russian Federal Security Service (FSB).

The FSB is the Russian internal security and counter-intelligence service responsible for counter-intelligence, anti-terrorism, and surveillance of the military, adding a geopolitical dimension to the group’s activities.

C2 Infrastructure

Gamaredon’s command-and-control infrastructure demonstrates extreme flexibility and volatility, although despite these dynamic characteristics, the infrastructure maintains previously reported patterns and characteristics, indicating a degree of consistency in Gamaredon’s approach.

LitterDrifter doesn’t only rely on groundbreaking techniques and may appear to be a relatively unsophisticated piece of malware. However, Check Point say this apparent simplicity is in line with its goals, mirroring Gamaredon’s overall approach. This method has demonstrated considerable effectiveness, as evidenced by the group’s sustained activities in Ukraine.

Conclusion

As cyber security experts continue to unravel the complexities of state-sponsored cyber espionage, Gamaredon remains a focal point of scrutiny.

The LitterDrifter worm serves as a testament to the group’s adaptability and innovation, showcasing the constant evolution of cyber threats. Understanding and dissecting such malware is crucial in fortifying global cyber security defenses against increasingly sophisticated adversaries.

Image: Mikhail Arefiev

You Might Also Read: 

The Emerging Domain Of Cyber War:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Library Confirms Ransomware Attack
What Is Cyber Hygiene & Why Is It Important? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

Aves Netsec

Aves Netsec

Aves is a deceptive security system for enterprises who want to capture, observe and mitigate bad actors in their internal network.

ECS

ECS

ECS is a leading information technology provider delivering cloud, cybersecurity, software development, IT modernization, and advanced science and engineering services.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

Crosser

Crosser

The Crosser Platform enables real-time processing of streaming or batch data for Industrial IoT, Data Transformation, Analytics, Automation and Integration.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Viria

Viria

Viria is an information and security technology solution provider that promotes digitalization in a secure way.

NXTsoft

NXTsoft

NXTsoft’s solutions help businesses secure, connect and optimize their data to maximize revenue opportunities, enhance profitability, and mitigate cybersecurity risk.

Network Perception

Network Perception

Network Perception proactively and continuously assures the security of critical OT assets with intuitive network segmentation verification and visualization.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

M7 Services

M7 Services

M7 Services are a comprehensive Managed Services Provider (MSP) with a focus on delivering cutting-edge information technology solutions and unparalleled customer service.

CYSEC Global

CYSEC Global

CYSEC Global is a series of summits dedicated to tackle regional cyber security challenges.