Category | Details |
---|---|
Threat Actors | Gamaredon APT (also known as Primitive Bear, Actinium, UAC-0010, Aqua Blizzard, Blue Otso, Shuckworm). |
Campaign Overview | Russian state-sponsored APT group targeting Ukraine and NATO-aligned nations with cyberespionage campaigns since 2013. |
Target Regions (or Victims) | Ukrainian government, military, and critical infrastructure, as well as NATO-aligned nations (Poland, Bulgaria, Lithuania, Latvia). |
Methodology | – Spear-phishing emails with trojanized Word documents – Weaponized USB drives – Exploitation of legitimate services for C2 communication. |
Product Targeted | Military intelligence, government communications, critical infrastructure. |
Malware Reference | GammaLoad, GammaDrop, PteroLNK, Pterodo, GammaSteel, PteroPSDoor. |
Tools Used | – PteroDoc for weaponized documents – Scheduled tasks for persistence – Legitimate services (Telegram, Cloudflare DNS) for C2 communication. |
Vulnerabilities Exploited | Relies on user execution (social engineering) rather than exploitation of software flaws. |
TTPs | – Persistent spear-phishing – Lateral movement via USB drives – Scheduled tasks and registry modification for persistence. |
Attribution | Attributed to the Russian FSB, aligned with Moscow’s geopolitical objectives. |
Recommendations | – Strengthen email and endpoint security – Monitor USB device activity – Regular patching – Leverage threat intelligence feeds. |
Source | SOCRadar |
Read full article: https://socradar.io/dark-web-profile-gamaredon-apt/
The above summary has been generated by an AI language model