The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities.
This hacking group is believed to be operated directly by the Russian FSB (Federal Security Service) and has been
responsible for thousands of attacks in Ukraine since 2013.
Researchers at Symantec's Threat Hunter team, a part of Broadcom Software, have analyzed eight malware samples used by Gamaredon against Ukrainian targets in recent attacks, which could provide essential information for defenders to protect against the
ongoing wave attacks.
According to
Symantec's report, the monitored attacks began in July with the dissemination of spear-phishing emails that carried macro-laced Word documents.
These files launched a VBS file that dropped "Pteranodon," a well-documented backdoor that Gamaredon has been developing and improving for almost seven years now.
However, while recent attacks are still conducted using phishing emails, these attacks now drop eight different payloads, [...]
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
