#Gamaredon : The Turncoat #Spies Relentlessly #Hacking #Ukraine

For the past decade, this group of #FSB #hackers—including “traitor” #Ukrainian intelligence officers—has used a grinding barrage of #intrusion campaigns to make life hell for their former countrymen and #cybersecurity defenders.
#security #privacy

https://www.wired.com/story/gamaredon-turncoat-spies-hacking-ukraine/

Gamaredon targeted the military mission of a Western country based in Ukraine – Source: securityaffairs.com https://ciso2ciso.com/gamaredon-targeted-the-military-mission-of-a-western-country-based-in-ukraine-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #Cyberwarfare #Intelligence #SecurityNews #hackingnews #Gamaredon #hacking #ukraine #Russia #APT

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine – Source:thehackernews.com https://ciso2ciso.com/gamaredon-uses-infected-removable-drives-to-breach-western-military-mission-in-ukraine-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Gamaredon

Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor – Source: socprime.com https://ciso2ciso.com/gamaredon-campaign-detection-russia-backed-apt-group-targets-ukraine-using-lnk-files-to-spread-remcos-backdoor-source-socprime-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Latestthreats #socprimecom #Gamaredon #Phishing #socprime #Remcos #Blog #APT

Russia-linked Gamaredon targets Ukraine with Remcos RAT – Source: securityaffairs.com https://ciso2ciso.com/russia-linked-gamaredon-targets-ukraine-with-remcos-rat-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #Cyberwarfare #SecurityNews #hackingnews #Cybercrime #Gamaredon #RemcosRAT #hacking #Malware #ukraine #Russia

Gamaredon Targets Troops via Malware

Pulse ID: 67eb266fe6461777fb05efa7
Pulse Link: https://otx.alienvault.com/pulse/67eb266fe6461777fb05efa7
Pulse Author: cryptocti
Created: 2025-03-31 23:34:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Russia-linked #Gamaredon targets Ukraine with #Remcos #RAT
https://securityaffairs.com/176057/cyber-warfare-2/russia-linked-gamaredon-targets-ukraine-with-remcos-rat.html
#securityaffairs #hacking #malware

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

A campaign targeting users in Ukraine with malicious LNK files has been observed since November 2024. The files, using Russian words related to troop movements as lures, run a PowerShell downloader contacting geo-fenced servers in Russia and Germany. The second stage payload uses DLL side loading to execute the Remcos backdoor. The activity is attributed to the Gamaredon threat actor group with medium confidence. The campaign uses the invasion of Ukraine as a theme in phishing attempts, distributing LNK files disguised as Office documents. The servers used are mostly hosted by GTHost and HyperHosting ISPs. The attack chain involves DLL sideloading to load the Remcos backdoor, which communicates with a C2 server on a specific port.

Pulse ID: 67e6c6b5e3b5eec595438366
Pulse Link: https://otx.alienvault.com/pulse/67e6c6b5e3b5eec595438366
Pulse Author: AlienVault
Created: 2025-03-28 15:56:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

(talosintelligence.com) Gamaredon APT Targets Ukraine with Remcos Backdoor Using War-Themed Lures https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/

Cisco Talos is tracking a campaign targeting Ukrainian users with malicious LNK files that deliver the Remcos backdoor. The campaign, attributed with medium confidence to the Gamaredon APT group, uses Russian-language lures related to troop movements in Ukraine. The attack chain involves LNK files that execute PowerShell code to download a ZIP file containing the Remcos backdoor, which is then executed through DLL side-loading techniques. The attackers use geo-fenced servers in Russia and Germany that restrict access to Ukrainian IP addresses. This represents a continuation of Gamaredon's targeting of Ukrainian entities, though their use of the commercial Remcos backdoor marks a shift from their typical custom tooling.

GamaCopy targets Russia mimicking Russia-linked Gamaredon APT – Source: securityaffairs.com https://ciso2ciso.com/gamacopy-targets-russia-mimicking-russia-linked-gamaredon-apt-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #GamaCopyAPT #hackingnews #Gamaredon #hacking #Malware #APT

#GamaCopy targets #Russia mimicking Russia-linked #Gamaredon #APT
https://securityaffairs.com/173501/apt/gamacopy-mimics-russia-linked-gamaredon-apt.html
#securityaffairs #hacking #malware

Experts discovered the first #mobile #malware families linked to #Russia's #Gamaredon
https://securityaffairs.com/171949/apt/gamaredon-used-two-new-android-spyware-tools.html
#securityaffairs #hacking

#Gamaredon, a Russian-linked hacking group, targets mobile devices with #BoneSpy and PlainGnome, #spyware stealing SMS, call logs, location, and photos in former Soviet states.

https://thehackernews.com/2024/12/gamaredon-deploys-android-spyware.html

Flash drive sharing #malware escapes Україна. #Gamaredon fingered as perps.

A worm spread by sharing #USB drives is breaking free, outside of its primary target. An #APT group tied to the Russian #FSB is said to be responsible—apparently it’s part of #Putin’s #cyberwar against #Ukraine.

#LitterDrifter is at least easily detected and blocked. In today’s #SBBlogwatch, we give thanks for small mercies. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2023/11/litterdrifter-russian-usb-worm-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

USB worm unleashed by Russian state hackers spreads worldwide - Enlarge (credit: Getty Images)

A group of Russian-state hacker... - https://arstechnica.com/?p=1985993 #gamaredon #security #kremlin #biz⁢ #russia #worm #usb

Russian #APT #Gamaredon uses #USB #worm #LitterDrifter against #Ukraine
https://securityaffairs.com/154362/apt/gamaredon-apt-litterdrifter-usb.html
#securityaffairs #Russia #Ukraine #malware

#Russia-linked #APT #Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise
https://securityaffairs.com/148488/apt/gamaredon-ttps.html
#securityaffairs #hacking

#Russia-linked #APT #Gamaredon update TTPs in recent attacks against #Ukraine
https://securityaffairs.com/147497/apt/gamaredon-targets-ukraine-new-ttps.html
#securityaffairs #hacking #malware #Russia

Latvia says Russian hackers tried to phish its Ministry of Defence - The Kremlin-backed Gamaredon hacking group is being blamed for an attempted phishing atta... https://www.bitdefender.com/blog/hotforsecurity/latvia-says-russian-hackers-tried-to-phish-its-ministry-of-defence/ #guestblog #gamaredon #phishing #malware #ukraine #latvia #russia

«#Gamaredon (Ab)uses #Telegram to Target Ukrainian Organizations» #RussianMalware #MalwareObsfuscation #Malware Analysis #IOCs

https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations