Russian hackers use new info stealer malware against Ukrainian orgs (Security News, September 2022)

Russian hackers have been targeting Ukrainian entities with previously unseen info-stealing malware during a new espionage campaign that is still active.
Security researchers at Cisco Talos attribute the campaign to Gamaredon, a Russian state-backed threat group with a long history of targeting mainly organizations in the Ukrainian government, critical infrastructure, defense, security, and law enforcement.
In this newly observed espionage campaign, Cisco Talos noticed the use of a new info stealer that can extract specific file types from victim computers and also deploy additional malware.
Cisco Talos says that Gamaredon's new infostealer can also exfiltrate files from attached storage devices, sending a separate POST request for each stolen file that carries the file's metadata and its content.
During the recursive enumeration of all files in directories, the malware avoids system folders to focus only on files of interest to the threat actor.
Cisco Talos has provided a list of indicators of compromise for malicious documents, LNK files, RAR archives, the new infostealer, URLs, and payload drop sites.