Cybersecurity researchers on Monday disclosed that they had uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.
Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective believed to be active since at least 2013.
In November 2021, Ukrainian intelligence agencies identified the group as a "special project" of Russia's Federal Security Service (FSB), and blamed it for carrying out more than 5,000 cyberattacks against public authorities and critical infrastructure located in the country.
Gamaredon attacks typically begin with phishing emails that trick recipients into installing a custom remote access trojan known as Pterodo. Symantec disclosed that, between July 14, 2021 and August 18, 2021, the actor installed several variants of the backdoor and deployed additional scripts and tools.
"The attack chain started with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine," the researchers said. The identity of the affected organization was not disclosed.
Toward the end of July, the adversary leveraged the implant to download and run an executable file that acted as a dropper for a VNC client, before establishing connections with a remote command-and-control server under their control.
"This VNC client appears to be the final payload for this attack," the researchers noted, adding that the installation was followed by access to a number of documents, ranging from job descriptions to sensitive company information, on the compromised machine.
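The chain described above (a document opened by the user, a dropper executable, then a VNC client that reaches out to a remote server) is the kind of parent-child process lineage an endpoint detection rule can key on. The following is an added defensive example, not code from Symantec or the article: it walks constructed, EDR-style process and network events (the image names, PIDs and addresses are all invented for illustration) and flags any VNC client that both descends from an Office process and makes an outbound connection, while leaving an administrator's directly launched VNC session alone.

```python
"""Flag a VNC client that descends from an Office document handler and
connects outbound. The events below are constructed sample telemetry for
this example, not data from the Symantec report."""
from collections import defaultdict

# Constructed sample events (process creation and network connection).
# PIDs, image names and destination addresses are hypothetical.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,   "image": "explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "WINWORD.EXE"},
    {"type": "process", "pid": 300, "ppid": 200, "image": "update.exe"},     # hypothetical dropper
    {"type": "process", "pid": 400, "ppid": 300, "image": "vncviewer.exe"},  # dropped VNC client
    {"type": "network", "pid": 400, "dest": "203.0.113.10", "port": 5900},
    {"type": "process", "pid": 500, "ppid": 100, "image": "vncviewer.exe"},  # admin-launched, benign
    {"type": "network", "pid": 500, "dest": "10.0.0.5", "port": 5900},
]

# Image names to treat as document handlers and as VNC clients (assumed lists).
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
VNC = {"vncviewer.exe", "tvnviewer.exe", "winvnc.exe"}


def build_tree(events):
    """Map each pid to its parent pid and lower-cased image name."""
    parent, image = {}, {}
    for e in events:
        if e["type"] == "process":
            parent[e["pid"]] = e["ppid"]
            image[e["pid"]] = e["image"].lower()
    return parent, image


def ancestry(pid, parent, image):
    """Return image names from the given process up to the root, child first.
    Stops at unknown pids and guards against cyclic or reused pids."""
    chain, seen = [], set()
    while pid in image and pid not in seen:
        seen.add(pid)
        chain.append(image[pid])
        pid = parent[pid]
    return chain


def find_suspicious_chains(events):
    """Return VNC processes that have an Office ancestor and an outbound connection."""
    parent, image = build_tree(events)
    outbound = defaultdict(list)
    for e in events:
        if e["type"] == "network":
            outbound[e["pid"]].append((e["dest"], e["port"]))

    hits = []
    for pid, img in image.items():
        if img not in VNC or pid not in outbound:
            continue
        chain = ancestry(pid, parent, image)
        # chain[0] is the VNC client itself; look for Office anywhere above it
        if any(a in OFFICE for a in chain[1:]):
            hits.append({
                "pid": pid,
                "chain": list(reversed(chain)),   # root first, for readability
                "connections": outbound[pid],
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_chains(EVENTS):
        print(f"pid {hit['pid']}: {' -> '.join(hit['chain'])} "
              f"connects to {hit['connections']}")
```

Matching on lineage rather than on the VNC binary alone is the point: the same client launched by an administrator from the desktop (pid 500 above) produces no alert, whereas the copy that was dropped beneath a Word document does. In production the image lists and the notion of "outbound" (for example, excluding RFC 1918 ranges) would come from the environment's own baseline.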
Ukraine Calls Out False Flag Operation in Wiper Attacks
The findings come amid a wave of disruptive and destructive attacks levied against Ukrainian entities by alleged Russian state-sponsored actors, resulting in the deployment of a file wiper dubbed WhisperGate, around the same time that multiple websites belonging to the government were defaced.
Subsequent investigation into the malware has since revealed that the code used in the wiper was re-purposed from a fake ransomware campaign referred to as WhiteBlackCrypt that was aimed at Russian victims in March 2021.
Interestingly, the ransomware is known to include a trident symbol, which is part of Ukraine's coat of arms, in the ransom note it displays to its victims, leading Ukraine to suspect that this might have been a false flag operation deliberately intended to blame a "fake" pro-Ukrainian group for staging an attack on their own government.