
Threat analysts report that the Russian state-sponsored threat group known as Gamaredon is launching attacks against targets in Ukraine using new variants of its custom Pteredo backdoor.
According to a report by Symantec, which tracks the group as Shuckworm, the actor is currently using at least four variants of the "Pteredo" malware, also tracked as Pteranodon.
The backdoor's roots are in Russian hacker forums from 2016, from where Shuckworm took it and started to develop it privately with specialized DLL modules and features for stealing data, remote access, and analysis evasion.
In all four observed variants, the threat actors use obfuscated VBS droppers that add Scheduled Tasks and then fetch additional modules from the C2.
In previous attacks, Pteredo backdoor variants were dropped using VBS files hidden inside DOC files attached to spear-phishing emails.
The Pteredo backdoor is still under active development, and the threat group could be working on an overhauled and much more potent or stealthy version of the malware, as well as modifying its attack chain.