Threat Intelligence
Updated attack arsenal unleashed by Gamaredon in Ukraine attacks

Attacks by Russian advanced persistent threat operation Gamaredon against Ukrainian government entities last year involved a plethora of novel tools, according to GBHackers News. A report from ESET researchers showed that Gamaredon leveraged half a dozen new PowerShell- and VBScript-based malware tools as part of its increasingly sophisticated attack campaigns, including PteroTickle and PteroGraphic, which facilitate lateral compromise and payload distribution, respectively. Aside from significantly overhauling the PteroLNK and PteroPSDoor tools to further evade detection, Gamaredon also utilized the PteroBox tool, which enables data exfiltration while preventing repeat file uploads, as well as another payload that opened a Telegram channel with Russian leanings. Gamaredon, which intensified its spear-phishing campaigns in the second half of 2024, was also observed using fast-flux DNS and running embedded scripts in temporary directories as part of more robust cyberespionage efforts. ESET expects Gamaredon to further refine its attack arsenal amid persisting tensions between Russia and Ukraine.