Ukraine's leading law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia's Federal Security Service (FSB).
Calling the hacker group "an FSB special project, which specifically targeted Ukraine," the Security Service of Ukraine (SSU) said the perpetrators "are officers of the 'Crimean' FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014."
The names of the five individuals the SSU alleges are part of the covert operation are Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych, and Sushchenko Oleh Oleksandrovych.
Since its inception in 2013, the Russia-linked Gamaredon group (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) has been responsible for a number of malicious phishing campaigns, typically aimed at Ukrainian institutions, with the goal of harvesting classified information from compromised Windows systems for geopolitical gains.
The threat actor is believed to have carried out no fewer than 5,000 cyberattacks against public authorities and critical infrastructure located in the country, and to have attempted to infect more than 1,500 government computer systems, with most attacks directed at security, defense, and law enforcement agencies in order to obtain intelligence information.
"Contrary to other APT groups, the Gamaredon group does not seem to make any effort in trying to stay under the radar," Slovak cybersecurity firm ESET noted in an analysis published in June 2020. "Even though their tools have the capacity to download and execute arbitrary binaries that could be far stealthier, it seems that this group's main focus is to spread as far and fast as possible in their target's network while trying to exfiltrate data."
In addition to its heavy reliance on social engineering techniques as an intrusion vector, Gamaredon is known to have invested in a range of tools for cutting through organizations' defenses. These are coded in a variety of programming languages such as VBScript, VBA Script, C#, and C++, and they also make use of the CMD, PowerShell, and .NET command shells.
"The group's activities are characterized by intrusiveness and audacity," the agency noted in a technical report.
Chief among its malware arsenal is a modular remote administration tool named Pterodo (aka Pteranodon) that comes with remote access capabilities, keystroke logging, the ability to take screenshots, access to the microphone, and the ability to download additional modules from a remote server. Also put to use is a .NET-based file stealer that is designed to collect files with the following extensions: *.doc, *.docx, *.xls, *.rtf, *.odt, *.txt, *.jpg, and *.pdf.
A third tool is a malicious payload engineered to spread the malware via connected removable media, in addition to collecting and siphoning data stored on those devices.
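Both behaviours described above, a stealer that sweeps a fixed set of document extensions and a payload that plants itself on removable drives, leave a recognisable footprint in endpoint file-activity telemetry. The following is an added detection example written for this article; it is not Gamaredon code, not SSU or ESET tooling, and not a real product's rule. The event format (pipe-separated fields), the file paths, the timestamps, the `svc.exe` and `WINWORD.EXE` process names, the 60-second window and the five-file threshold are all constructed assumptions for the example; only the target extension list comes from the article.

```python
"""
Added example (not from the article, the SSU, ESET or any Gamaredon sample):
two heuristics over constructed endpoint file-activity events.

  1. Mass document collection: one process reads many distinct files with the
     stealer's target extensions inside a short sliding window.
  2. Removable-media drop: a process writes a script or executable onto a
     drive that the sensor marks as removable.

Event format, process names, thresholds and sample data are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import os

# Extension list as given in the article for the .NET file stealer.
TARGET_EXTENSIONS = {".doc", ".docx", ".xls", ".rtf", ".odt", ".txt", ".jpg", ".pdf"}

# Assumed thresholds: tune to your environment; a single process touching this
# many distinct documents within the window is treated as mass collection.
MAX_DOCS_PER_WINDOW = 5
WINDOW = timedelta(seconds=60)

# Assumed launcher/script extensions worth flagging when written to removable media
# (the article mentions VBScript, CMD and PowerShell tooling, hence .vbs/.cmd/.bat/.ps1).
LAUNCHER_EXTENSIONS = {".exe", ".vbs", ".bat", ".cmd", ".ps1"}

# Constructed sample events: 'ISO-time|pid|image|action|path|drive_type'.
SAMPLE_EVENTS = [
    r"2021-11-04T10:00:01|4100|C:\Users\u\AppData\Local\Temp\svc.exe|read|C:\Users\u\Documents\plan.docx|fixed",
    r"2021-11-04T10:00:02|4100|C:\Users\u\AppData\Local\Temp\svc.exe|read|C:\Users\u\Documents\budget.xls|fixed",
    r"2021-11-04T10:00:03|4100|C:\Users\u\AppData\Local\Temp\svc.exe|read|C:\Users\u\Documents\notes.txt|fixed",
    r"2021-11-04T10:00:04|4100|C:\Users\u\AppData\Local\Temp\svc.exe|read|C:\Users\u\Desktop\scan.jpg|fixed",
    r"2021-11-04T10:00:05|4100|C:\Users\u\AppData\Local\Temp\svc.exe|read|C:\Users\u\Desktop\memo.pdf|fixed",
    r"2021-11-04T10:00:06|4100|C:\Users\u\AppData\Local\Temp\svc.exe|read|C:\Users\u\Desktop\memo.pdf|fixed",
    r"2021-11-04T10:00:09|4100|C:\Users\u\AppData\Local\Temp\svc.exe|write|E:\update.vbs|removable",
    r"2021-11-04T10:05:00|2210|C:\Program Files\Office\WINWORD.EXE|read|C:\Users\u\Documents\plan.docx|fixed",
    r"2021-11-04T10:05:30|2210|C:\Program Files\Office\WINWORD.EXE|write|E:\plan.pdf|removable",
]


def parse_event(line):
    """Split one constructed event line into a dict with a parsed timestamp."""
    ts, pid, image, action, path, drive_type = line.strip().split("|")
    return {"ts": datetime.fromisoformat(ts), "pid": int(pid), "image": image,
            "action": action, "path": path, "drive_type": drive_type}


def _ext(path):
    # Works on backslash paths even on POSIX hosts: splitext only looks at the last dot.
    return os.path.splitext(path)[1].lower()


def detect_mass_collection(events):
    """Map (pid, image) -> max number of distinct target-extension files read by
    that process within any WINDOW-long sliding window, for processes at or above
    MAX_DOCS_PER_WINDOW. Repeated reads of the same file count once."""
    reads = defaultdict(list)
    for e in events:
        if e["action"] == "read" and _ext(e["path"]) in TARGET_EXTENSIONS:
            reads[(e["pid"], e["image"])].append((e["ts"], e["path"]))
    hits = {}
    for key, items in reads.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > WINDOW:
                start += 1
            distinct = {p for _, p in items[start:end + 1]}
            if len(distinct) >= MAX_DOCS_PER_WINDOW:
                hits[key] = max(hits.get(key, 0), len(distinct))
    return hits


def detect_removable_drop(events):
    """Return (pid, path) for writes of launcher/script files onto removable drives.
    Ordinary documents saved to a USB stick (plan.pdf above) are not flagged."""
    return [(e["pid"], e["path"]) for e in events
            if e["action"] == "write" and e["drive_type"] == "removable"
            and _ext(e["path"]) in LAUNCHER_EXTENSIONS]


def analyze(lines):
    """Run both heuristics over raw event lines and return their findings."""
    events = [parse_event(l) for l in lines]
    return {"mass_collection": detect_mass_collection(events),
            "removable_drops": detect_removable_drop(events)}


if __name__ == "__main__":
    for name, finding in analyze(SAMPLE_EVENTS).items():
        print(name, finding)
```

On the constructed sample the first heuristic reports only the `svc.exe` process (five distinct documents in six seconds; the repeated read of `memo.pdf` is counted once), and the second reports only the `update.vbs` write to the removable drive, not the user's PDF saved to the same stick. In a real deployment the event source would be a file-activity sensor and the thresholds would be tuned against a baseline of ordinary document-heavy processes such as indexers and backup agents.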
"The SSU is constantly taking steps to contain and neutralize Russia's cyber aggression against Ukraine," the agency said. "Founded as a unit of the so-called 'FSB Office of Russia in the Republic of Crimea and the city of Sevastopol,' this group of individuals acted as an outpost [...] from 2014 purposefully threatening the proper functioning of state bodies and critical infrastructure of Ukraine."