Email security, Vulnerability Management

Ukraine targeted by new Gamaredon attacks

Share

Ukraine has been facing escalating cyberattacks from Russian state-sponsored hacking group Gamaredon, also known as Shuckworm or Armageddon, since Russia's invasion began six months ago, with the latest wave of attacks reported from July 15 to Aug. 8, according to BleepingComputer. Gamaredon's latest attacks involved the use of phishing messages with a self-extracting 7-Zip archive that facilitates the retrieval of an XML file that prompts PowerShell info-stealer execution, a report from Symantec revealed. Moreover, the Pterodo and Giddome backdoors retrieved through VBS downloaders have also been leveraged by Gamaredon to enable audio recording, screenshot capturing, and keystroke logging and exfiltration, as well as additional payload execution. Remote desktop protocol tools AnyDesk and Ammyy Admin have also been launched in the latest campaign, researchers found. The findings follow the disclosure of Ukraine's Computer Emergency Response Team regarding a novel Gamaredon phishing operation involving the use of compromised email accounts for HTM attachment delivery.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.