Russian attempts to phish Ukrainian targets with ‘war crimes’ lures unsuccessful so far, official says

Russian cyber attacks on Ukraine continue unabated, official says.

The post Russian attempts to phish Ukrainian targets with ‘war crimes’ lures unsuccessful so far, official says appeared first on CyberScoop.

Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say

A series of cyberattacks on Ukrainian institutions over the past few weeks — including website defacement, computer-wiping malware and phishing campaigns — have the hallmarks of hacking activity associated with the Russian government, but conclusive attribution remains elusive. Research published Thursday, however, shows how a known Russia-linked hacking group, Gamaredon, could be involved in active targeting of Ukrainian targets, including an attempt to compromise a Western government entity in Ukraine on Jan. 19. The findings, published by Palo Alto Networks’ Unit 42 threat intelligence unit, focus on the group as the Russian military amasses more than 100,000 troops along its border with Ukraine. The U.S. and other NATO governments say it’s preparation for a dramatic military escalation. Unit 42 makes clear that its research does not directly tie Gamaredon to the recent high-profile attacks. The team says it mapped out three “large clusters” of Gamaredon infrastructure that are used to support […]

The post Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say appeared first on CyberScoop.

Researchers detail Russia-linked group’s cyber-espionage tactics in Ukraine

Researchers at Symantec say they have identified some of the specific tactics used by a Russia-linked hacking operation that Ukraine’s government outed in November of last year. The cyber-espionage group, commonly labeled as Gamaredon or Armageddon, is known for using phishing emails to try to install remote access tools on victims’ computers, with the goal of exfiltrating data. Symantec’s Threat Hunter Team published a blog post Monday explaining how the spies used infected Microsoft Word attachments in mid-2021 to implant backdoor files allowing for the delivery of more malware. The researchers don’t specify who was targeted in their case study. The goal is to highlight the tactics, techniques and procedures (TTP) in question, especially if the Russia-Ukraine conflict boils over in the coming weeks, they say. “We do not expect to see reemergence of these TTPs until just prior or during active conflict,” the team told CyberScoop. As tensions between […]

The post Researchers detail Russia-linked group’s cyber-espionage tactics in Ukraine appeared first on CyberScoop.

Ukraine exposes expansive Russian hacking operation targeting its government, infrastructure

Ukraine’s top law enforcement agency published a detailed analysis Thursday outing what it says are Russian hackers and “traitors who sided with the enemy” behind a sweeping campaign that began in 2014. The hackers, according to the Security Service of Ukraine, are responsible for more than 5,000 cyberattacks on Ukrainian state entities and critical infrastructure that attempted to “infect” more than 1,500 government computer systems. The report says the Russian intelligence agency the Federal Security Service (FSB) is behind the “Armageddon” group, known more broadly outside Ukrainian borders as Gamaredon or Primitive Bear. It’s distinct from other Russian intelligence and military hacking groups behind attacks on targets around the world, including the infamous hacks of the Democratic National Committee and Hillary Clinton’s campaign ahead of the 2016 elections. Armageddon dates back to 2013 or 2014, the Ukrainian report says, making it “relatively young,” but nevertheless worthy of attention and “able […]

The post Ukraine exposes expansive Russian hacking operation targeting its government, infrastructure appeared first on CyberScoop.

‘Gamaredon’ hackers target Ukrainian officials amid rising Russian tensions

Russian hackers have a long history of going after organizations in Ukraine, but one group especially has tunnel vision for the former Soviet republic. And recently, it looks like those hackers returned with a new campaign targeting Ukrainian government officials, threat researchers say. Gamaredon — also known as Primitive Bear — is behind the malicious cyber activity, Anomali concluded with “high confidence” in research shared with CyberScoop in advance of its publication. The campaign first appeared in January and ran through at least mid-March, Anomali said. Publication of the research coincides with escalating tensions between the two nations, with a Russian troop buildup along the Ukrainian border. “This one is interesting because the alignment of real world events is just another indication of potential hybrid warfare that Russia is known to engage in,” said Gage Mele, lead cyber threat intelligence analyst at Anomali. It caps a busy period for Gamaredon, […]

The post ‘Gamaredon’ hackers target Ukrainian officials amid rising Russian tensions appeared first on CyberScoop.

Gamaredon APT Improves Toolset to Target Ukraine Government, Military

The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on We…

Possible APT attacks against Ukraine expand to target journalists, researchers say

A suspected Russian hacking campaign that’s resulted in attacks against Ukrainian military and government agencies also has affected journalists, law enforcement and nongovernmental organizations, according to new findings. Gamaredon, a hacking group that has been active since 2013 and mostly haunted Ukrainian government targets, has broadened its reach within that country, the threat intelligence company Anomali said in research published Dec. 5. Anomali did not identify any Gamaredon targets by name, other than the Ministry of Foreign Affairs, and said it remains unclear if attackers successfully have breached the targeted people and organizations. The attempted attacks were ongoing as of Dec. 6 after beginning in mid-September, Anomali said. If Gamaredon is behind the hacking attempts, as Anomali has assessed, the campaign represents an expansion of the group’s interests. The advanced persistent threat (APT) group, which Fortinet previously reported has “strong Russian ties,” based on a language analysis, has sought to breach Ukrainian public […]

The post Possible APT attacks against Ukraine expand to target journalists, researchers say appeared first on CyberScoop.
