Ukrainian special providers declare to have discovered the operatives driving the prolific “Armageddon” hacking group, alleging they are Russian FSB officers.
In a short statement, the Security Company of Ukraine (SSU) revealed that the team, also recognised as “Garmaredon,” was liable for in excess of 5000 attacks on the Ukrainian authorities and critical infrastructure assets.
It specific 1500 govt laptop or computer methods intending to steal sensitive details relating to security and defense and blocking data programs, as nicely as attacking electrical power crops and heat and h2o devices, the SSU mentioned.
The five have been reportedly customers of the Crimean FSB prior to defecting to the Russian side after the invasion of the Ukrainian peninsula in 2014. As a result, they’re remaining accused of treason and espionage, malware progress and interference with desktops.
The SSU said it experienced managed to unmask the individuals even with their use of FSB tools to remain hidden on-line.
“The Armageddon hacker team is an FSB exclusive challenge, which specifically qualified Ukraine,” it said. “This ‘line of work’ is coordinated by the FSB’s 18th Heart (Information Security Heart) dependent in Moscow.”
Despite the fact that the folks have not been arrested, the SSU will be hoping to send out a sign to the FSB with this recognize.
The security provider also released a detailed technological document highlighting the group’s TTPs, which include exploitation of legacy Windows vulnerabilities, malware loaded onto detachable media, the EvilGnome Linux backdoor and a customized RAT dubbed “Pteranodon.”
John Hultquist, VP of intelligence assessment at Mandiant, defined that Armageddon has also been noticed attacking world wide targets.
“Due to the ongoing conflict, Ukraine has born early witness to many of Russia’s most aggressive cyber-attack capabilities, from the ability to knock electric power offline to the earliest versions of the pretend ransomware that finally turned NotPetya,” he added.
“If we want to see what’s coming future, we have to be conscious of the lessons previously getting realized in Ukraine and other international locations where cyberattacks are repeated and evolving.”
Some parts of this report are sourced from: