Security News > 2023 > January > Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country.

"The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location, and then finally leads the victim to the next stage server for the final payload," the BlackBerry Research and Intelligence Team said in a report shared with The Hacker News.

The latest findings from BlackBerry demonstrate an evolution in the group's tactics, wherein a hard-coded Telegram channel is used to fetch the IP address of the server hosting the malware.

It's also worth pointing out that the heavily obfuscated VBA script is only delivered if the target's IP address is located in Ukraine.

"The threat group changes IP addresses dynamically, which makes it even harder to automate analysis through sandbox techniques once the sample has aged out," BlackBerry pointed out.

The development comes as the Computer Emergency Response Team of Ukraine attributed a destructive malware attack targeting the National News Agency of Ukraine to the Russia-linked Sandworm hacking group.

News URL

https://thehackernews.com/2023/01/gamaredon-group-launches-cyberattacks.html