Russian 'Gamaredon' hackers use 8 new malware payloads in attacks


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities.

This hacking group is believed to be operated directly by the Russian FSB (Federal Security Service) and has been responsible for thousands of attacks in Ukraine since 2013.

Researchers at Symantec's Threat Hunter team, a part of Broadcom Software, have analyzed eight malware samples used by Gamaredon against Ukrainian targets in recent attacks, which could provide essential information for defenders to protect against the ongoing wave attacks.

According to Symantec's report, the monitored attacks began in July with the dissemination of spear-phishing emails that carried macro-laced Word documents.

These files launched a VBS file that dropped "Pteranodon," a well-documented backdoor that Gamaredon has been developing and improving for almost seven years now.

However, while recent attacks are still conducted using phishing emails, these attacks now drop eight different payloads, [...]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.