Russian Hackers Have New Tools

Uploaded on 2023-11-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

New analysis form CheckPoint Research focuses on Gamaredon, a powerful Russian APT group that stands out for its large-scale espionage & sabotage attack on organisations in Ukraine, demonstrating the group’s evolving tactics which demonstrate flexibility in targeting critical infrastructure.

Also known as Primitive Bear, ACTINIUM and Shuckworm, Gamaredon is prominent player in Russian cyber espionage, with a unique focus on Ukraine.

While many Russian cyber espionage groups operate in the shadows, Gamaredon is conspicuous in its large-scale campaigns, leaving a trail of destruction for Check Point's cyber security researchers to examine.

Gamaredon has recently deployed LitterDrifter is a VBS-written worm designed to spread through USB drives and their latest tool has dual functionalities, which reveal its potential for a global impact with potential infections in countries, far beyond its original targets in Ukraine.

Its primary objectives are automatic spreading over USB drives and establishing communication with a flexible set of command-and-control servers. This strategic design aligns with Gamaredon’s overarching goals, allowing the group to maintain persistent access to its targets.

USB Worm’s Global Reach

While Gamaredon primarily targets Ukrainian entities, the nature of the LitterDrifter worm introduces a global element to its operations. Indications of possible infections have been observed in countries such as the USA, Vietnam, Chile, Poland, Germany, and even Hong Kong.

This suggests that, like other USB worms, LitterDrifter may have spread beyond its originally intended targets, posing a broader threat to cyber security worldwide.

Gamaredon’s Affiliations

Gamaredon distinguishes itself by targeting a wide array of Ukrainian entities, showcasing a relentless commitment to its espionage goals. The Security Service of Ukraine (SSU), the Ukrainian law enforcement authority and main intelligence and security agency in the areas of counter-intelligence activity and combating organised crime has identified Gamaredon personnel as officers from the Russian Federal Security Service (FSB).

The FSB is the Russian internal security and counter-intelligence service responsible for counter-intelligence, anti-terrorism, and surveillance of the military, adding a geopolitical dimension to the group’s activities.

C2 Infrastructure

Gamaredon’s command-and-control infrastructure demonstrates extreme flexibility and volatility, although despite these dynamic characteristics, the infrastructure maintains previously reported patterns and characteristics, indicating a degree of consistency in Gamaredon’s approach.

LitterDrifter doesn’t only rely on groundbreaking techniques and may appear to be a relatively unsophisticated piece of malware. However, Check Point say this apparent simplicity is in line with its goals, mirroring Gamaredon’s overall approach. This method has demonstrated considerable effectiveness, as evidenced by the group’s sustained activities in Ukraine.

Conclusion

As cyber security experts continue to unravel the complexities of state-sponsored cyber espionage, Gamaredon remains a focal point of scrutiny.

The LitterDrifter worm serves as a testament to the group’s adaptability and innovation, showcasing the constant evolution of cyber threats. Understanding and dissecting such malware is crucial in fortifying global cyber security defenses against increasingly sophisticated adversaries.

Image: Mikhail Arefiev

You Might Also Read: 

The Emerging Domain Of Cyber War:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Library Confirms Ransomware Attack
What Is Cyber Hygiene & Why Is It Important? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Original Software

Original Software

Original Software offers a test automation solution focused completely on the goal of effective software quality management.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Cyber Police of Ukraine

Cyber Police of Ukraine

Cyber Police of Ukraine is a law enforcement agency within the the Ministry of Internal Affairs of Ukraine dedicated to combating cyber crime.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

Conseal Security

Conseal Security

Mobile app security testing done well. Conseal Security are specialists in mobile app penetration testing. Our expert-led security analysis quickly finds security vulnerabilities in your apps.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

Atlant Security

Atlant Security

Atlant Security is a cyber and IT security company offering consulting and implementation services.

eCloudvalley Digital Technology

eCloudvalley Digital Technology

eCloudvalley Digital Technology is a born-in-the-cloud partner focused entirely on AWS services across APAC region.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

Snare

Snare

Snare is a comprehensive set of event monitoring and analysis tools designed to address critical auditing and security requirements.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.

GIS Consulting (GISPL)

GIS Consulting (GISPL)

From General Data Protection Regulations to advanced Network Infrastructure Audits, GIS Consulting has established a reputation as one the leading cyber security companies in the industry.