September 29, 2023

The Moscow-backed hacking group known as Gamaredon is ramping up its attacks on Ukraine's military and government agencies amid the country's long-awaited counteroffensive.

Ukraine's push is seen as a pivotal moment in the ongoing war. Western allies, including the U.S., are closely monitoring the country's military developments and providing weapons to support Kyiv's efforts. But Russia is trying to disrupt Ukraine's offensive operation both on the battlefield and in cyberspace.

Gamaredon hackers, in particular, have recently stepped up their efforts against Ukrainian military organizations and government entities, according to a report published Thursday by Ukraine's National Coordination Center for Cybersecurity (NCCC).

Gamaredon operates from the Russian-annexed Crimean peninsula and acts on orders from Russia's Federal Security Service (FSB) in Moscow.

The primary objectives of its attacks are espionage and data theft, according to cybersecurity experts and government officials. In a previous report, the Ukrainian computer emergency response team (CERT-UA) said that the group has also been linked to at least one destructive cyberattack against an unspecified information infrastructure facility.

Before Ukraine's counteroffensive began in June of this year, Gamaredon prepared its infrastructure to launch cyberattacks by registering new domains and subdomains. This infrastructure was later used to target Ukrainian military and security organizations, NCCC said.

To hide its activity from targets and researchers, the group's malware retrieves its command-and-control domains from legitimate services such as Cloudflare, Telegram, and Telegraph instead of contacting its real IP addresses directly.

The Ukrainian government is considering restricting the use of Telegram and Telegraph services to better detect activity from threat actors like Gamaredon, according to NCCC.

Gamaredon phishing campaigns stand out because they use legitimate documents stolen from compromised entities. The malicious emails are often disguised as reports or official communications, according to NCCC.

Gamaredon's malware toolkit includes GammaDrop, GammaLoad, GammaSteel and LakeFlash, but it is constantly evolving.

One of the group's most distinctive malware strains is Pterodo, a multipurpose tool designed for espionage and data exfiltration. Ukrainian researchers called it "a potent threat, capable of infiltrating and compromising targeted systems with precision."

While Gamaredon is not the most technically advanced hacking group targeting Ukraine, "the increasing frequency of their attacks suggest an expansion in the hacker's operational capacity and resources," the research said. "The alignment of their actions with critical military events amplifies the group's potential impact."

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She was previously a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.