The Russian-linked advanced persistent threat group Gamaredon is executing another series of phishing campaigns targeting Ukrainian government agencies. CERT-UA, Ukraine's government cybersecurity agency, has continued to monitor and track the group's activities, and one of its recent observations has led to the discovery of a new campaign.
According to the reports, the new Gamaredon campaign shows a high degree of skill in stealing information from targeted systems; researchers said the attackers completed their campaign in less than an hour.
This campaign targets Ukrainian entities in the military, government, and security services sectors.
The Gamaredon group only needs minutes to execute their data-stealing attack.
According to the investigation, the Gamaredon group needs only 30 to 50 minutes to steal the targeted data once its malicious documents run on the compromised system.
In some cases the group leveraged the legitimate AnyDesk remote-access software to gain remote access to the computer, deploy PowerShell, and steal data. The group also prioritises files with specific extensions, such as .doc, .xls, .docx, .xlsx, .jpg, .jpeg, and .zip.
Furthermore, the researchers state that Gamaredon operators have planted as many as 120 malicious archives per week on infected systems to maintain persistence; the research also revealed that this technique allows the actors to reinfect a device.
Separate researchers have also observed the Gamaredon group running other campaigns, such as preparing USB flash drives that carry malware, a tactic that extends the group's malware distribution to removable media.
The attackers have also continually evolved their attack chain to bypass detection at the network level. Lastly, the researchers noted that the IP addresses of the intermediate control nodes change 3 to 6 times a day, which implies that the threat actors rely on automation as part of their attack strategy.
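As an added illustration (not part of the original report), one way a defender can surface that rotation pattern from passive-DNS or proxy logs is to count how many distinct IPs each domain resolves to per day and flag anything at or above the reported lower bound of three; the log format, domain names and IP addresses below are constructed.

```python
# Added example: flag domains whose resolved IP changes several times a day,
# the behaviour reported for Gamaredon's intermediate control nodes.
from collections import defaultdict
from datetime import datetime

# Constructed sample log: ISO timestamp, queried domain, resolved IP.
SAMPLE_LOG = """\
2023-05-01T00:10:00Z updates.example-cdn.invalid 198.51.100.10
2023-05-01T05:40:00Z updates.example-cdn.invalid 198.51.100.23
2023-05-01T11:05:00Z updates.example-cdn.invalid 203.0.113.7
2023-05-01T17:30:00Z updates.example-cdn.invalid 203.0.113.44
2023-05-01T02:00:00Z mail.corp.invalid 192.0.2.5
2023-05-01T14:00:00Z mail.corp.invalid 192.0.2.5
2023-05-02T01:00:00Z updates.example-cdn.invalid 198.51.100.10
2023-05-02T09:00:00Z updates.example-cdn.invalid 198.51.100.11
"""

def parse_log(text):
    """Yield (date, domain, ip) tuples; skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, domain, ip = parts
        day = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        yield day, domain.lower(), ip

def distinct_ips_per_day(text):
    """Map (domain, date) -> set of distinct IPs resolved that day."""
    seen = defaultdict(set)
    for day, domain, ip in parse_log(text):
        seen[(domain, day)].add(ip)
    return seen

def flag_rotating_domains(text, threshold=3):
    """Return {domain: most distinct IPs seen in one day} for domains that
    reach the threshold; 3 per day is the lower bound the researchers reported."""
    worst = defaultdict(int)
    for (domain, _day), ips in distinct_ips_per_day(text).items():
        worst[domain] = max(worst[domain], len(ips))
    return {d: n for d, n in worst.items() if n >= threshold}

if __name__ == "__main__":
    for domain, n in flag_rotating_domains(SAMPLE_LOG).items():
        print(f"{domain}: up to {n} distinct IPs in one day")
```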
Experts recommend that organisations adopt real-time threat alerting solutions to stay updated on the new TTPs that threat groups such as the Gamaredon APT adopt. Finally, organisations can leverage the IoCs associated with the attackers to obtain tactical intelligence that helps strengthen their defences.