silversurfer (Thread author)
Aug 17, 2014
Content source: https://threatpost.com/gamaredon-apt-toolset-ukraine/152568/
The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets.
Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December. He said that these include digital attacks on physical infrastructure and field hardware, including artillery – along with more expected cyber-espionage activity.
One of the latter campaigns was a series of reconnaissance actions against the Hetman Petro Sahaidachnyi National Ground Forces Academy in Ukraine, and spyware implants were spotted in a range of Ukrainian governmental targets.
“Based on SentinelLabs visibility into some of the affected victims, APT Gamaredon affected a large disposition of victims across the Ukrainian separatist line, with more than five thousand unique Ukrainian entities affected over the past months,” Kremez wrote.
In examining the campaign, SentinelLabs found that Gamaredon has improved its toolset. The latest malware implant appears to be a modified version of the group’s proprietary Pterodo malware, discovered on computers of state authorities of Ukraine performing system reconnaissance.
“This virus collects system data, regularly sends it to command-and-control servers and expects further commands,” Kremez wrote. “Packaged as a self-extracting zip archive (.SFX), the Gamaredon malware implant components contain a batch script, a binary processor .NET component and macro payloads.”
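The packaging described above (an executable SFX stub with a zip archive appended, carrying a batch script, a .NET binary and macro payloads) is something a responder can triage without running the sample: a self-extracting zip is still a zip, so the member list is readable from the end-of-central-directory record even though a PE stub sits in front of it. The script below is an added example and not code from the article or from SentinelLabs; the sample SFX it inspects is constructed inline (a fake `MZ` stub followed by a small zip), and the `SCRIPT_LIKE_EXT` set is an assumed triage list, not an indicator taken from the report.

```python
import io
import os
import zipfile

# Assumed triage list of member extensions worth flagging inside an SFX:
# batch/script droppers, binaries and macro-enabled Office templates.
SCRIPT_LIKE_EXT = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".ps1",
                   ".dll", ".exe", ".dotm", ".docm", ".xlsm"}


def build_constructed_sfx() -> bytes:
    """Constructed sample only: a fake 'MZ' stub with a zip appended.
    It is not a real PE and does nothing if executed as one."""
    stub = b"MZ" + b"\x00" * 62 + b"constructed SFX stub, not a real PE"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("install.bat", "@echo off\r\nrem constructed placeholder\r\n")
        zf.writestr("proc.dll", b"\x00" * 16)          # stands in for a .NET component
        zf.writestr("template.dotm", b"\x00" * 16)     # stands in for a macro payload
        zf.writestr("readme.txt", "constructed")
    return stub + buf.getvalue()


def triage_sfx(data: bytes) -> dict:
    """Inspect a blob: is it a PE stub, does it carry an appended zip,
    and which members look like script or binary components?

    zipfile locates the central directory from the end of the file and
    corrects for prepended bytes, which is exactly the SFX layout."""
    result = {"is_pe": data[:2] == b"MZ", "has_zip": False,
              "members": [], "flagged": [], "is_sfx_with_components": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            result["has_zip"] = True
            for info in zf.infolist():
                result["members"].append(info.filename)
                ext = os.path.splitext(info.filename)[1].lower()
                if ext in SCRIPT_LIKE_EXT:
                    result["flagged"].append(info.filename)
    except zipfile.BadZipFile:
        pass  # plain PE or unrelated data: nothing appended to read
    result["is_sfx_with_components"] = (
        result["is_pe"] and result["has_zip"] and bool(result["flagged"]))
    return result


if __name__ == "__main__":
    report = triage_sfx(build_constructed_sfx())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against a real file with `triage_sfx(open(path, "rb").read())`; a hit on `is_sfx_with_components` is a reason to pull the flagged members out with `ZipFile.read()` for static review, not proof of maliciousness on its own, since legitimate installers use the same layout.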