Russia-backed Gamaredon still ‘most engaged’ hacker group in Ukraine

The Russia-backed threat actor known as Gamaredon has improved its cyberespionage capabilities in Ukraine and remains “the most engaged” state-sponsored hacker group in the country, according to a new report.

Gamaredon, also tracked as Armageddon, has been active since at least 2013 and likely operates from the Russian-annexed Crimean peninsula. The group is believed to act on orders from Russia’s Federal Security Service (FSB).

While the majority of Gamaredon’s attacks target Ukrainian governmental institutions, researchers at the Slovak-based cybersecurity firm ESET discovered that since Russia’s invasion of Ukraine in 2022 the group has also attempted to attack Ukraine’s allies in several NATO countries, including Bulgaria, Latvia, Lithuania, and Poland.

The volume of Gamaredon’s attacks on Ukraine is prolific, researchers said. In 2022 and 2023, they observed more than a thousand unique devices in Ukraine targeted by the group.

Gamaredon has introduced multiple new tools to its arsenal, but it is still not technically sophisticated, and the hackers hardly bother to hide their activity, according to the researchers. Its operators “are reckless and do not mind being discovered by defenders during their operations,” they said.

However, the hackers put in significant effort to avoid being blocked by security products and try hard to maintain access to compromised systems by frequently updating their tools and regularly changing obfuscation techniques.

To gain initial access to victims’ systems, the group primarily relies on spearphishing campaigns, using custom malware to infect Word documents and USB drives.

Ukraine has previously warned about the cyber threats posed by Gamaredon, referring to the group as “one of the most active and dangerous threat actors targeting Ukraine during its war with Russia.” In August, Gamaredon targeted Ukraine’s military and government agencies during the country’s long-anticipated counteroffensive.

In 2022, the group attempted to compromise a large petroleum refining company within a NATO member state. And in June, two hackers likely linked to Gamaredon were sanctioned by the European Council for attacks on the EU.

ESET claims that Gamaredon’s primary focus remains Ukraine, and “this trend will continue without significant shifts in targeting.”

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.