Yoroi-Cybaze: Russian hackers are still targeting Eastern Europe and Ukraine. After APT28, also Gamaredon try to spy Kiev. The lure is a legit document of the “State of the Armed Forces of Ukraine”, weaponized with Pteranodon malware
Russian hackers have a “special attention” on Eastern Europe. Yoroi-Cybaze cyber security experts discovered a new campaign against Ukraine by Gamaredon threat actor, that follows the recent interferences by APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) on the elections in the country. In the Sofacy offensive, there were multiple targets. In the last one, instead, they are especially military personnel. It leverage a legit document of the “State of the Armed Forces of Ukraine”, dated back in the 2nd April 2019, that contains the Pteranodon malware. The backdoor is designed for spying purposes and it has been used by the Gamaredon APT group since 2013. Probably, because it’s still very effective.
The cyber security experts: There could be ongoing a mass cyber warfare operation against Ukraine, to spy and influence its politics
According to Yoroi-Cybaze, the Russian hacking group Gamaredon was first spotted in 2013 and in 2015, when researchers at LookingGlass shared the details of a cyber espionage operation tracked as Operation Armageddon, targeting other Ukrainian entities. Their “special attention” on Eastern European countries was also confirmed by CERT-UA, the Ukrainian Computer Emergency Response Team. The cyber security experts believe that the new campaigns could be linked. This to spy targets in Eastern Europe, and interfere with the Ukrainian politics. So there could be an effort on large scale, with multiple threat actors involved at many levels, and with different goals. The cyber attacks, moreover, did not stop even after the election of Volodymyr Zelens’kyj as president. This confirm that the intent to spy and influence the politics of the European country is persistent.