Threat Intelligence, Malware

Russian APT Gamaredon targets Ukraine with new LNK


Security researchers have detailed the evolving tactics of the Russian-affiliated threat group Gamaredon, particularly its use of the PteroLNK variant within the Pterodo malware family, GBHackers reports.

Known for targeting Ukrainian military, government, and infrastructure sectors, the group uses obfuscated VBScript malware to maintain persistent access and deploy payloads on demand. The campaign combines scheduled tasks, Windows Explorer tweaks, and frequent downloader activity to reach a multi-stage command-and-control infrastructure. Gamaredon relies on dead drop resolvers hosted on platforms such as Telegraph, disguises connectivity checks with benign domains, and uses Cloudflare quick tunnels to obscure C2 communications. Analysts observed ongoing malware activity from late 2024 through March 2025, showing Gamaredon's operational agility and consistent use of military-themed lures. Attribution to the group is supported by domain reuse, infrastructure overlap, and links to Russia's FSB. Experts warn that, while not highly sophisticated, Gamaredon's persistent spearphishing and agile operations present a serious geopolitical cybersecurity threat.
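As an added defender-side illustration (not code from the SC Media or GBHackers reporting), the following Python correlates constructed endpoint telemetry for the chain described above: a script host started by the Task Scheduler, a Telegraph lookup for the dead drop resolver, then a Cloudflare quick tunnel lookup. The Telegraph and quick-tunnel domains, the Task Scheduler command-line marker, and the event fields are assumptions for this example, not indicators from the report.

```python
from collections import defaultdict
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # hosts for the group's VBScript stages
DDR_DOMAINS = {"telegra.ph"}          # assumption: Telegraph page used as dead drop resolver
TUNNEL_SUFFIX = ".trycloudflare.com"  # assumption: Cloudflare quick tunnel hostname suffix
SCHEDULE_MARKER = "-s schedule"       # assumption: Task Scheduler svchost command line
@dataclass
class Event:  # one telemetry record; kind is "process" (creation) or "dns" (query by pid)
    ts: int
    host: str
    pid: int
    kind: str
    image: str = ""       # process image name (process events)
    parent_cmd: str = ""  # parent command line (process events)
    domain: str = ""      # queried name (dns events)

def correlate(events, window=600):
    """Map host -> reason where one process shows the chain: script host started by the
    Task Scheduler, then a Telegraph lookup, then a quick tunnel lookup, within `window` s."""
    by_proc = defaultdict(list)
    for e in events:
        by_proc[(e.host, e.pid)].append(e)
    findings = {}
    for (host, pid), evs in by_proc.items():
        evs.sort(key=lambda e: e.ts)
        start = next((e for e in evs if e.kind == "process"), None)
        if (start is None or start.image.lower() not in SCRIPT_HOSTS
                or SCHEDULE_MARKER not in start.parent_cmd.lower()):
            continue  # not a script host launched by the Task Scheduler
        ddr = None
        for e in evs:
            if e.kind != "dns" or not start.ts <= e.ts <= start.ts + window:
                continue
            d = e.domain.lower()
            if ddr is None and d in DDR_DOMAINS:
                ddr = e  # first stage: resolver fetch
            elif ddr is not None and d.endswith(TUNNEL_SUFFIX):
                findings[host] = (f"pid {pid}: {start.image} via scheduled task; DDR {ddr.domain} "
                                  f"at +{ddr.ts - start.ts}s; tunnel {d} at +{e.ts - start.ts}s")
                break
    return findings
# Constructed sample telemetry: WS-01 shows the full chain, WS-02 is a user-launched script.
EVENTS = [
    Event(1000, "WS-01", 4242, "process", image="wscript.exe", parent_cmd="svchost.exe -k netsvcs -p -s Schedule"),
    Event(1003, "WS-01", 4242, "dns", domain="telegra.ph"),
    Event(1009, "WS-01", 4242, "dns", domain="quiet-forest-example.trycloudflare.com"),
    Event(2000, "WS-02", 777, "process", image="wscript.exe", parent_cmd=r"C:\Windows\explorer.exe"),
    Event(2004, "WS-02", 777, "dns", domain="telegra.ph"),
]
```

Only the host whose script process completes all three steps in order is reported; a Telegraph lookup alone, or a script launched from Explorer, is not.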
