Russian Gamaredon Hackers Targeted 'Western Government Entity' in Ukraine
2022-02-04 01:01

The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amid ongoing geopolitical tensions between Russia and Ukraine.

Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it "mapped out three large clusters of their infrastructure used to support different phishing and malware purposes."

The threat actor, also known as Shuckworm, Armageddon, or Primitive Bear, has focused its offensive cyber attacks on Ukrainian government officials and organizations since 2013.

To carry out the phishing attack, the operators behind the campaign leveraged a job search and employment platform within the country as a conduit to upload their malware downloader in the form of a resume for an active job listing related to the targeted entity.

"Given the steps and precision delivery involved in this campaign, it appears this may have been a specific, deliberate attempt by Gamaredon to compromise this Western government organization," the researchers noted.

Unit 42 uncovered evidence of a Gamaredon campaign targeting the State Migration Service of Ukraine on December 1, 2021, which used a Word document as a lure to install the open-source UltraVNC virtual network computing software for maintaining remote access to infected computers.


News URL

https://thehackernews.com/2022/02/russian-gamaredon-hackers-targeted.html