Cybersecurity researchers on Monday said they uncovered evidence of attempted attacks by a Russia-linked hacking operation targeting a Ukrainian entity in July 2021.
Broadcom-owned Symantec, in a new report published Monday, attributed the attacks to an actor tracked as Gamaredon (aka Shuckworm or Armageddon), a cyber-espionage collective known to be active since at least 2013.
In November 2021, Ukrainian intelligence agencies branded the group as a "special project" of Russia's Federal Security Service (FSB), in addition to pointing fingers at it for carrying out over 5,000 cyberattacks against public authorities and critical infrastructure located in the country.
Gamaredon attacks typically originate with phishing emails that trick the recipients into installing a custom remote access trojan called Pterodo. Symantec disclosed that, between July 14, 2021 and August 18, 2021, the actor installed several variants of the backdoor as well as deployed additional scripts and tools.
"The attack chain began with a malicious document, likely sent via a phishing email, which was opened by the user of the infected machine," the researchers said. The identity of the affected organization was not disclosed.
Towards the end of July, the adversary leveraged the implant to download and run an executable file that acted as a dropper for a VNC client before establishing connections with a remote command-and-control server under their control.
"This VNC client appears to be the ultimate payload for this attack," the researchers noted, adding the installation was followed by accessing a number of documents ranging from job descriptions to sensitive company information on the compromised machine.
Ukraine Calls Out False Flag Operation in Wiper Attacks
The findings come amidst a wave of disruptive and destructive attacks levied against Ukrainian entities by alleged Russian state-sponsored actors, resulting in the deployment of a file wiper dubbed WhisperGate, around the same time multiple websites belonging to the government were defaced.
Subsequent investigation into the malware has since revealed that the code used in the wiper was re-purposed from a faux ransomware campaign called WhiteBlackCrypt that was aimed at Russian victims in March 2021.
Interestingly, the ransomware is known to include a trident symbol — that is part of Ukraine's coat of arms — in the ransom note it displays to its victims, leading Ukraine to suspect that this may have been a false flag operation deliberately intended to blame a "fake" pro-Ukrainian group for staging an attack on their own government.
Related links
- Hackrf Tools
- Blackhat Hacker Tools
- Hacking Tools For Mac
- Kik Hack Tools
- Hack Tools 2019
- Tools Used For Hacking
- Hacking Tools Mac
- Pentest Recon Tools
- Hack And Tools
- Pentest Tools
- Hacker Tools For Pc
- Hacker Tools Windows
- Hack Tools For Windows
- How To Hack
- Hack Tools
- Hacker Tools For Windows
- Tools For Hacker
- Hack Tools 2019
- Beginner Hacker Tools
- Hacking Tools Download
- Pentest Tools For Ubuntu
- Best Pentesting Tools 2018
- Android Hack Tools Github
- Computer Hacker
- Pentest Tools Kali Linux
- Pentest Tools Github
- Hacking Tools Download
- Hackrf Tools
- Free Pentest Tools For Windows
- Hacking Tools For Beginners
- Hack Website Online Tool
- Hacking Tools Windows 10
- Hackers Toolbox
- Easy Hack Tools
- Pentest Tools Bluekeep
- Hack Tool Apk
- Pentest Tools Online
- How To Install Pentest Tools In Ubuntu
- Hack Tool Apk
- Hacker Tools Linux
- Pentest Tools Website
- Top Pentest Tools
- Hackrf Tools
- Hacker Tools
- Hacker Tools For Mac
- Hack Tools For Windows
- Pentest Tools Website
- New Hack Tools
- Tools For Hacker
- Hacker Hardware Tools
- Pentest Tools Url Fuzzer
- Tools Used For Hacking
- Pentest Tools Nmap
- Hack And Tools
- Install Pentest Tools Ubuntu
- Hack Tools For Pc
- Hacking Tools 2020
- Pentest Tools Apk
- Hack Tools For Windows
- Pentest Tools Website Vulnerability
- Underground Hacker Sites
- Hack App
- Growth Hacker Tools
- Pentest Tools Review
- Pentest Tools Windows
- Pentest Tools List
- Hacking Tools 2019
- Hack Tools For Ubuntu
- Hack Tools 2019
- Pentest Tools Url Fuzzer
- Hack Tools Github
- Hack Apps
- Hack Tools Github
- Pentest Tools Linux
- Pentest Tools Bluekeep
- Hack Apps
- Hacker Techniques Tools And Incident Handling
- What Is Hacking Tools
- Physical Pentest Tools
- Pentest Tools Framework
- Hacker Tools For Windows
- Hacking Tools For Beginners
- Hacking Tools For Beginners
- Pentest Box Tools Download
- Hak5 Tools
- Pentest Tools Android
- Wifi Hacker Tools For Windows
- Hacker Tools Hardware
- Hacker Tools For Ios
- Pentest Tools Open Source
- Pentest Tools List
- Pentest Tools Subdomain
- Hacking Tools Hardware
- Game Hacking
- Pentest Tools Github
- Hacker Tools For Ios
- Pentest Tools For Mac
- Pentest Tools Online
- Pentest Tools Linux
- Pentest Tools Free
- Hacking Tools For Windows 7
- Hacker Tools Free
- Pentest Tools Download
- Hacking Tools For Pc
- How To Install Pentest Tools In Ubuntu
- Black Hat Hacker Tools
- Physical Pentest Tools
- Pentest Tools Apk
- Tools For Hacker
- Hacking Tools For Mac
- Pentest Tools List
- How To Make Hacking Tools
- Pentest Box Tools Download
- Hacking Tools For Windows 7
- Hacker Security Tools
- Hacker Tools Windows
- Hack Tools For Ubuntu
- Hacker Tools Software
- Pentest Tools Website
- How To Hack
- Hacking Tools For Windows
- Hack Tools
- Tools For Hacker
- Hack Tools
- Hacker Tools Apk Download
- Hacker Tools Online
- Hacking App
- Pentest Tools Bluekeep
- Hacker Techniques Tools And Incident Handling
- Hacker Tools 2020
- Hacking Tools Free Download
- Pentest Tools For Android
- Top Pentest Tools
- Best Hacking Tools 2019
- Hack Tool Apk