Recent Shuckworm activity aimed at Ukraine appears to be delivering information-stealing malware to targeted networks. This activity was ongoing as recently as August 8, 2022, and much of what was observed in this campaign is consistent with activity highlighted by CERT-UA on July 26.
REFERENCE: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm
ADVERSARY: Gamaredon Group
TARGETED COUNTRY: Ukraine
MALWARE FAMILY: Giddome
ATT&CK IDS: T1113 - Screen Capture, T1059 - Command and Scripting Interpreter, T1036 - Masquerading, T1119 - Automated Collection, T1218.005 - Mshta, T1020 - Automated Exfiltration, T1041 - Exfiltration Over C2 Channel