Russia-Linked Group Gamaredon Targets Ukraine with USB-Propagated Malware

Ukraine has been the target of persistent cyberattacks for years. It has faced a range of threat actors, including state-sponsored groups and financially motivated criminals. One of the most active and determined of these groups is Gamaredon. The group’s main focus is espionage, primarily related to Ukraine and its ongoing conflict with Russia. Recent reports have highlighted that Gamaredon has adopted a new tactic to spread its malware via USB drives.

Gamaredon’s Activities in Ukraine

Gamaredon has been active since at least mid-2013, and has focused on targeting individuals and entities in Ukraine. The group is also tracked under different names such as Armageddon, Primitive Bear, Shuckworm, and Trident Ursa. Most of these names are linked to Russia’s Federal Security Service (FSB), indicating that Gamaredon is likely operating on behalf of the FSB.

Attempts to steal sensitive information and gain long-term access have been ongoing

Gamaredon has demonstrated an impressive ability to infiltrate the networks of its targets and maintain long-term access. According to Symantec, the hacking group has obtained long-term access to victim networks, sometimes for as long as three months. During this time, Gamaredon repeatedly attempts to steal sensitive information related to the war between Ukraine and Russia, such as military secrets or diplomatic data.

New tactics are being used by Gamaredon

To remain effective and evade detection, Gamaredon has had to constantly adapt. On the technical side, the group has been using updated tools, fresh infrastructure, and new tactics. For example, in recent attacks, a new PowerShell script was used to spread the group’s custom backdoor, named Pterodo, via USB drives. These USB drives are likely used by the attackers for lateral movement across victim networks and to help them reach air-gapped machines within targeted organizations.

The use of USB drives for lateral movement

Symantec has identified multiple systems that appear to have been compromised after being infected through USB drives. This tactic is not new, but it indicates that Gamaredon is willing to use established methods to achieve its objectives. The USB drives are likely carrying a Trojan program that will execute as soon as they physically connect to the target machine.

Identifying compromised systems and the use of legitimate services

As well as identifying systems that have been compromised, Symantec has also spotted Gamaredon’s use of legitimate services, such as Telegram, for command-and-control (C&C) infrastructure. This technique allows the hackers to blend in with normal traffic and makes it harder for defenders to spot and block any suspicious activity.

The recent Gamaredon campaign

According to Symantec, the most recent Gamaredon campaign started in February-March 2021. The campaign focuses on systems containing sensitive military information. Indications in some organizations suggest that the attackers are targeting the machines of the organizations’ human resources departments, indicating that information about individuals working at the various organizations is a priority for the attackers, among other things.

Targeting individuals and human resources departments

One of the worrying aspects of the latest Gamaredon campaign is that it appears to be targeting individuals as well as organizations. Human resources departments may have been targeted to allow the hackers to access details about the employees of the organizations. This information could then be used to launch further attacks on selected individuals within the target organization.

Gamaredon has been a persistent threat to Ukraine for several years, and the group continues to evolve its tactics. Its recent use of USB-propagated malware is a reminder that established threat actors may still choose to rely on relatively old techniques if they are still effective. The group’s ability to maintain long-term persistent access to compromised networks and adopt new tactics means that it remains a serious threat to Ukraine and other neighboring countries. Defenders need to remain vigilant and continually assess their security arrangements to ensure they have a chance to detect and block Gamaredon’s activities.

Explore more

How Can Small Businesses Master Online Marketing Success?

Introduction Imagine a small business owner struggling to attract customers in a bustling digital marketplace, where competitors seem to dominate every search result and social feed, making it tough to stand out. This scenario is all too common, as many small enterprises face the daunting challenge of gaining visibility online with limited budgets and resources. The importance of mastering online

How Is AI-Powered Search Transforming B2B Marketing?

Setting the Stage for a New Era in B2B Marketing Imagine a B2B buyer navigating a complex purchasing decision, no longer sifting through endless search results but receiving precise, context-driven answers instantly through an AI-powered tool. This scenario is not a distant vision but a reality shaping the marketing landscape today. AI-powered search technologies are revolutionizing how B2B buyers discover

Managed Services: Key to Exceptional Customer Experiences

In an era where customer expectations are skyrocketing, businesses, particularly those operating contact centers, face immense pressure to deliver flawless interactions at every touchpoint. While the spotlight often falls on frontline agents who engage directly with customers, there’s a critical force working tirelessly behind the scenes to ensure those interactions are smooth and effective. Managed Services, often overlooked, serve as

How Has Customer Experience Evolved Across Generations?

What happens when a single family gathering brings together a Millennial parent obsessed with seamless online ordering, a Gen Z teen who only supports brands with a social cause, and a Gen Alpha child captivated by interactive augmented reality games—all expecting tailored experiences from the same company? This clash of preferences isn’t just a household debate; it’s a vivid snapshot

Korey AI Transforms DevOps with Smart Project Automation

Imagine a software development team buried under an avalanche of repetitive tasks—crafting project stories, tracking dependencies, and summarizing progress—while the clock ticks relentlessly toward looming deadlines, and the pressure to deliver innovative solutions mounts with each passing day. In an industry where efficiency can make or break a project, the integration of artificial intelligence into project management offers a beacon