Security News

Microsoft on Friday shared more of the tactics, techniques, and procedures adopted by the Russia-based Gamaredon hacking group to facilitate a barrage of cyber espionage attacks aimed at several entities in Ukraine over the past six months. The attacks are said to have singled out government, military, non-government organizations, judiciary, law enforcement, and non-profit organizations with the main goal of exfiltrating sensitive information, maintaining access, and leveraging it to move laterally into related organizations.

Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021. Security and threat researchers with the Microsoft Threat Intelligence Center and the Microsoft Digital Security Unit said today that Gamaredon's cyber-espionage campaign is being coordinated out of Crimea, confirming SSU's assessment that the Gamaredon hackers are officers of the Crimean FSB who sided with Russia during the 2014 occupation.

Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021. Security and threat researchers with the Microsoft Threat Intelligence Center and the Microsoft Digital Security Unit said today that Gamaredon's cyber-espionage campaign is being coordinated out of Crimea, confirming SSU's assessment that the Gamaredon hackers are officers of the Crimean FSB who sided with Russia during the 2014 occupation.

The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries. Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it "Mapped out three large clusters of their infrastructure used to support different phishing and malware purposes."

Symantec finds evidence of continued Russian hacking campaigns in Ukraine. Security researchers at Symantec have presented what they said is further evidence that the Russian advanced persistent threat hacking team known as Shuckworm has been actively waging a cyber espionage campaign against organizations in Ukraine.

Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021. Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon, a cyber-espionage collective known to be active since at least 2013.

Researchers at Symantec's Threat Hunter team, a part of Broadcom Software, have analyzed eight malware samples used by Gamaredon against Ukrainian targets in recent attacks, which could provide essential information for defenders to protect against the ongoing wave attacks. These files launched a VBS file that dropped "Pteranodon," a well-documented backdoor that Gamaredon has been developing and improving for almost seven years now.

The UK's National Cyber Security Centre is urging organizations to bolster security and prepare for a potential wave of destructive cyberattacks after recent breaches of Ukrainian entities. The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and reminds of the damage done in previous destructive cyberattacks, like NotPetya in 2017 and the GRU campaign against Georgia in 2019.

EXCLUSIVE: Hackers associated with the Russian Federation Foreign Intelligence Service continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats. In a report shared exclusively with BleepingComputer, cybersecurity company CrowdStrike today describes in detail the latest tactics, techniques, and procedures observed in cyberattacks from the Cozy Bear state-sponsored hackers.

US-based Tor Project and Russian digital-rights protection org RosKomSvoboda are appealing a Russian court's decision to block access to public Tor nodes and the project's website. The non-profit Tor Project operates the Tor decentralized network, which runs on top of the Internet, allowing users to bypass censorship, access websites anonymously, and visit special Onion URLs accessible only over Tor.