Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware



The LNK files seemingly reference intelligence briefings related to the Russian invasion of Ukraine to trick unsuspecting victims into opening the shortcuts, resulting in the execution of a PowerShell beacon script that ultimately paves the way for next-stage payloads. The attacks entail leveraging decoy Microsoft Word documents containing lures related to the Russian invasion of Ukraine, distributed via email messages, to infect targets.

Active since 2013, Gamaredon (also known as Actinium, Armageddon, Primitive Bear, Shuckworm, and Trident Ursa) has been linked to numerous attacks aimed at Ukrainian entities in the aftermath of Russia's military invasion of Ukraine in late February 2022.
