Gamaredon APT targets Ukrainian government agencies in new campaign
Sept. 15, 2022, 12:02 p.m. | Guilherme Venere (firstname.lastname@example.org)
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence talosintelligence.com
By Asheer Malhotra and Guilherme Venere.
- Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware.
- The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine.
- LNK files, PowerShell and VBScript enable initial access, while malicious binaries are deployed in the post-infection phase.
- We discovered the use of a custom-made information stealer implant that can exfiltrate victim files of interest and deploy additional …