Russian-Backed Hacker Group Gamaredon Attacks Ukrainian Authorities with Spyware Variants

Kamso Oguejiofor-Abugu

Gamaredon, a Russian-sponsored hacker group, has come under fire from the State Cyber Protection Centre (SCPC) of Ukraine for its targeted cyber attacks on the nation’s critical information infrastructure and state institutions.

According to a report published by the SCPC, its operational center for responding to cyber incidents recorded targeted cyber attacks that were attributed to Gamaredon (also known as UAC-0010, Armageddon, Primitive Bear, Iron Tilden, or Shuckworm) against public authorities and vital information infrastructure.

Targeted cyber attacks are one of the main cyber threats in Ukraine, and over time, attackers have improved their tactics and reengineered malware variants to stay under the radar and avoid detection.

“The current activity of the UAC-0010 group is characterized by an approach to the multi-stage loading and execution of payloads of WPS, which is used to maintain control over infected hosts,” reads the SCPC report. “Such payloads are similar types of malware, which are developed by attackers to perform similar behavioral patterns. Currently, the UAC-0010 group uses the GammaLoad and GammaSteel SPZs in their campaigns.”

The Russia-Ukraine war has been accompanied by destructive malware strikes, targeted phishing campaigns, and distributed denial-of-service (DDoS) attacks. Trellix, a cybersecurity firm, confirmed a significant rise in email-based cyber attacks targeting Ukraine’s public and private sectors, attributing most of the emails to the UAC-0010 group.

Other malware variants distributed via these campaigns include FormBook, Remcos, Houdini RAT, and Andromeda. As the war continues, attackers tend to capitalize on the panic and unrest, executing attacks on the Ukrainian government, the financial sector, energy, infrastructure, and other targets.

“In order to improve the state of security of information and communication systems of state authorities, enterprises, institutions and organizations of various forms of ownership, we emphasize the importance of taking proactive measures and complying with Methodological recommendations on increasing the level of cyber protection of critical information infrastructure,” the SCPC report said.

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge-watch anime and drama series.