
Gamaredon group's activity during Ukrainian counteroffensive - report analyzed by NCSCC


【Summary】The Gamaredon group is increasing its cyber activity ahead of Ukraine's counteroffensive. They are stealing classified military information and using compromised documents and legitimate services for covert communications. Their versatile malware arsenal allows them to compromise victims in various ways. Full report available.

FutureCar Staff    Aug 31, 2023 7:26 AM PT

A recent report has analyzed the increasing activity of the Gamaredon group in anticipation of Ukraine's counteroffensive. As the conflict escalates, the Russian group has been intensifying its efforts, particularly in attempting to steal classified military information.

The report highlights several key conclusions. Firstly, the Gamaredon group prepared its infrastructure ahead of the Ukrainian counteroffensive, resulting in a significant rise in cyberattacks. Secondly, the group utilizes stolen legitimate documents from compromised organizations to infect victims. These documents are often disguised as reports or official communications, enhancing the success rate of their attacks.

In addition, the Gamaredon group exploits legitimate services such as Telegram and Telegraph for covert network communications. This raises concerns about the use of these platforms in the public sector of Ukraine and calls for potential limitations. Lastly, the group possesses a versatile malware arsenal, including GammaDrop, GammaLoad, GammaSteel, LakeFlash, and Pterodo. This collection of tools allows for a multifaceted approach to compromising victims.

For more detailed information, the full report can be accessed here.
