
Russian state hackers hit Ukraine with new malware variants
2022-04-20 10:27

Threat analysts report that the Russian state-sponsored threat group known as Gamaredon is launching attacks against targets in Ukraine using new variants of the custom Pteredo backdoor.

According to a report by Symantec, which tracks the group as Shuckworm, the actor is currently using at least four variants of the "Pteredo" malware, also tracked as Pteranodon.

The backdoor's roots are in Russian hacker forums dating back to 2016, from where Shuckworm took it and started to develop it privately with specialized DLL modules and features for stealing data, remote access, and analysis evasion.

In all four observed variants, the threat actors use obfuscated VBS droppers that add Scheduled Tasks and then fetch additional modules from the C2. Pteredo.

In those previous attacks, Pteredo backdoor variants were dropped using VBS files hiding inside DOC file attachments on spear-phishing emails.
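As an added illustration, not taken from the article or from Symantec's report, the following Python runs a simple detection over constructed Sysmon-style process-creation records to flag the two steps described above: an Office application spawning a Windows script host (VBS inside a document), and a script host registering a scheduled task. The log format, paths, and task names are assumptions made for the example.

```python
# Constructed Sysmon-style process-creation records, one per line, with
# key=value fields separated by '|'. Sample data for this example, not real telemetry.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|Image=C:\\Windows\\System32\\wscript.exe|CommandLine=wscript.exe //B C:\\Users\\user\\AppData\\Local\\Temp\\invite.vbs",
    "ParentImage=C:\\Windows\\System32\\wscript.exe|Image=C:\\Windows\\System32\\schtasks.exe|CommandLine=schtasks.exe /create /sc minute /mo 10 /tn \\Microsoft\\Windows\\Update /tr \"wscript.exe //B C:\\Users\\user\\AppData\\Local\\Temp\\upd.vbs\"",
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\schtasks.exe|CommandLine=schtasks.exe /query /tn Backup",
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe notes.txt",
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}


def parse_event(line):
    """Split 'k=v|k=v' into a dict; partition keeps any '=' inside the value."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Return a reason string when the event matches one step of the chain, else None."""
    parent = basename(ev.get("ParentImage", ""))
    image = basename(ev.get("Image", ""))
    cmd = ev.get("CommandLine", "").lower()
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        return "office application launched a script host (VBS dropped from a document)"
    if image == "schtasks.exe" and "/create" in cmd and parent in SCRIPT_HOSTS:
        return "script host created a scheduled task (dropper persistence)"
    if image == "schtasks.exe" and "/create" in cmd and any(h in cmd for h in SCRIPT_HOSTS):
        return "scheduled task whose action runs a script host"
    return None


def scan(lines):
    """Return (event_index, reason) for every record that matches a rule."""
    findings = []
    for i, line in enumerate(lines):
        reason = classify(parse_event(line))
        if reason:
            findings.append((i, reason))
    return findings


if __name__ == "__main__":
    for idx, why in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {why}")
```

The benign `schtasks /query` and `notepad.exe` records are left alone, so the rules key on the parent/child relationship rather than on the presence of schtasks.exe or a script host by itself.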

The Pteredo backdoor is still under active development, and the threat group could be working on an overhauled and much more potent or stealthy version of the malware, as well as modifying their attack chain.


News URL

https://www.bleepingcomputer.com/news/security/russian-state-hackers-hit-ukraine-with-new-malware-variants/