Russian 'Gamaredon' hackers use 8 new malware payloads in attacks


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities.

This hacking group is believed to be operated directly by the Russian FSB (Federal Security Service) and has been responsible for thousands of attacks in Ukraine since 2013.

Researchers at Symantec's Threat Hunter team, a part of Broadcom Software, have analyzed eight malware samples used by Gamaredon against Ukrainian targets in recent attacks, which could provide essential information for defenders to protect against the ongoing wave attacks.

According to Symantec's report, the monitored attacks began in July with the dissemination of spear-phishing emails that carried macro-laced Word documents.

These files launched a VBS file that dropped "Pteranodon," a well-documented backdoor that Gamaredon has been developing and improving for almost seven years now.

However, while recent attacks are still conducted using phishing emails, these attacks now drop eight different payloads, [...]