| Category | Details |
|---|---|
| Threat Actors | Gamaredon APT (also known as Primitive Bear, Actinium, UAC-0010, Aqua Blizzard, Blue Otso, Shuckworm). |
| Campaign Overview | Russian state-sponsored APT group targeting Ukraine and NATO-aligned nations with cyberespionage campaigns since 2013. |
| Target Regions (Or Victims) | Ukrainian government, military, critical infrastructure, and NATO-aligned nations (Poland, Bulgaria, Lithuania, Latvia). |
| Methodology | Spear-phishing emails with trojanized Word documents; weaponized USB drives; exploitation of legitimate services for C2 communication. |
| Product Targeted | Military intelligence, government communications, critical infrastructure. |
| Malware Reference | GammaLoad, GammaDrop, PteroLNK, Pterodo, GammaSteel, PteroPSDoor. |
| Tools Used | PteroDoc for weaponized documents; scheduled tasks for persistence; legitimate services (Telegram, Cloudflare DNS) for C2 communication. |
| Vulnerabilities Exploited | Relies on user execution vulnerabilities (social engineering) rather than software flaws. |
| TTPs | Persistent spear-phishing; lateral movement via USB drives; scheduled tasks and registry modification for persistence. |
| Attribution | Attributed to Russian FSB, aligned with Moscow’s geopolitical objectives. |
| Recommendations | Strengthen email and endpoint security; monitor USB device activity; patch regularly; leverage threat intelligence feeds. |
| Source | SOCRadar |
Read full article: https://socradar.io/dark-web-profile-gamaredon-apt/
The above summary has been generated by an AI language model