NCSCC analyzes Gamaredon group's activity during Ukrainian counteroffensive - report

A new report on cyber threat trends analyzes the growing activity of the Gamaredon group ahead of Ukraine's counteroffensive. Against the backdrop of a new stage of hostilities, the activity of the russian group is growing. In particular, they are trying to steal classified military information.

Key conclusions:

Preparing infrastructure: before the Ukrainian counteroffensive, the Gamaredon group prepared its infrastructure - we saw a significant increase in the number of cyberattacks.

Use of compromised documents: Gamaredon uses stolen legitimate documents of compromised organizations to infect victims. These documents are often disguised as reports or official communications, which increases the likelihood of a successful attack.

Exploitation of legitimate services: The Gamaredon group uses legitimate services such as Telegram and Telegraph for covert network communications. Obviously, it is now necessary to consider limiting the use of these platforms in the public sector of Ukraine.

A versatile malware arsenal: The group's malware arsenal includes GammaDrop, GammaLoad, GammaSteel, LakeFlash, and Pterodo. This toolkit provides a multifaceted approach to compromising victims.

Read the full report here.