Gamaredon Unleashes Six New Malware Tools for Stealth, Persistence, and Lateral Movement


Gamaredon, a Russia-aligned advanced persistent threat (APT) group attributed by Ukraine’s Security Service (SSU) to the FSB’s 18th Center of Information Security, has exclusively targeted Ukrainian governmental institutions throughout 2024, abandoning prior attempts to hit NATO countries.

According to a report from ESET Research, which has closely tracked the group’s activities, this refocus aligns with Gamaredon’s long-standing cyberespionage objectives amid the ongoing Russia-Ukraine conflict.

Exclusive Focus on Ukraine Intensifies in 2024

The group’s operations have surged in intensity, with spearphishing campaigns growing in scale and frequency, particularly in the second half of the year.

[Figure: Unique Gamaredon spearphishing samples seen per month]

These campaigns, often spanning one to five days, leverage malicious archives (RAR, ZIP, 7z) and XHTML files using HTML smuggling techniques to deliver HTA or LNK files that execute VBScript downloaders.

Notably, October 2024 saw Gamaredon experiment with malicious hyperlinks and innovative LNK files executing PowerShell ...


Copyright of this story solely belongs to gbhackers.