top of page

Gamaredon APT targets Ukrainian government agencies in new campaign

Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infection chain. The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint.

ADVERSARY: Gamaredon Group


ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1105 - Ingress Tool Transfer, T1546 - Event Triggered Execution, T1082 - System Information Discovery, T1113 - Screen Capture, T1140 - Deobfuscate/Decode Files or Information

Read More:

bottom of page