all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Gamaredon APT targets Ukrainian government agencies in new campaign

Add to bookmarks
Sept. 15, 2022, 12:02 p.m. | Guilherme Venere (noreply@blogger.com)

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence blog.talosintelligence.com


By Asheer Malhotra and Guilherme Venere.

  • Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware.
  • The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine.
  • LNK files, PowerShell and VBScript enable initial access, while malicious binaries are deployed in the post-infection phase.
  • We discovered the use of a custom-made information stealer implant that can exfiltrate victim files of interest and deploy additional …

apt campaign gamaredon gamaredon apt government infostealer malware securex ukraine ukrainian

Visit resource

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation? 3 hours ago | blog.talosintelligence.com
account blocked court disinformation +8
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal 1 day, 9 hours ago | blog.talosintelligence.com
cisco cisco talos code confidential +20
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials 2 days, 9 hours ago | blog.talosintelligence.com
attacks brute brute-force cisco +24
The internet is already scary enough without April Fool’s jokes 1 week ago | blog.talosintelligence.com
april backdoor community internet +7
Vulnerability in some TP-Link routers could lead to factory reset 1 week, 1 day ago | blog.talosintelligence.com
amd directx driver factory +10
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution 1 week, 2 days ago | blog.talosintelligence.com
april code code execution critical +10
Starry Addax targets human rights defenders in North Africa with new malware 1 week, 2 days ago | blog.talosintelligence.com
activists actor africa cisco +18
There are plenty of ways to improve cybersecurity that don’t involve making workers return to … 2 weeks ago | blog.talosintelligence.com
actions april cybersecurity don +14
CoralRaider targets victims’ data and social media accounts 2 weeks ago | blog.talosintelligence.com
accounts actor calling cisco +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Transfer GMP Compliance Officer

@ Pharmathen | Sapes, East Macedonia and Thrace, Greece
View on infosec-jobs.com

Security Cyber Consultant DRC (m/w/d)

@ Atos | Berlin, DE, D-13353
View on infosec-jobs.com

Penetration Tester - InfoSec

@ Rapid7 | NIS Belfast
View on infosec-jobs.com

Cyber Vulnerability Lead

@ Under Armour | Remote, US
View on infosec-jobs.com
View more jobs