Ukraine accuses Gamaredon cyber espionage group of ties to Russia's FSB

Ukraine's main law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals it alleges were involved in the activities of a cyber espionage group called Gamaredon, and linked the members to the Russian Federal Security Service (FSB).

Ukraine's Security Service (SSU) described the hacking group as a "special project of the Federal Security Service, specifically targeting Ukraine" and said the perpetrators "are officials of the FSB of 'Crimea' and traitors who defected to the enemy during the occupation of the peninsula in 2014". The five people the SSU named as involved in the covert operation are Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych and Sushchenko Oleksandrovych. Since its inception in 2013, the Russia-linked Gamaredon group (also tracked as Primitive Bear, Armageddon, Winterflounder or Iron Tilden) has been responsible for a number of malicious phishing campaigns, mainly targeting Ukrainian institutions, with the aim of extracting confidential information from compromised Windows systems for geopolitical gain.

The threat actor is reported to have carried out no fewer than 5,000 cyber attacks on public institutions and critical infrastructure in the country, and to have attempted to infect more than 1,500 government computer systems. The majority of the attacks targeted security, defense and law enforcement agencies to obtain intelligence information.

"Contrary to other APT groups, the Gamaredon organization seems to go out of its way to try to stay under the radar," noted Slovakian cybersecurity firm ESET in an analysis published in June 2020. "Even though their tools, which have the ability to download and execute arbitrary binaries, can be far more stealthy, it seems that the group's main focus is to spread as far and as fast as possible across their target networks while trying to steal data."

In addition to relying heavily on social engineering tactics as an intrusion vector, Gamaredon is also understood to have invested in a set of tools for cutting through an organization's defenses, written in various programming languages such as VBScript, VBA Script, C#, and C++, as well as CMD, PowerShell and .NET command shells.

"The group's activities are characterized by intrusiveness and audacity," the agency said in a technical report. Chief among its malware arsenal is a modular remote administration tool called Pterodo (aka Pteranodon), which provides remote access, keylogging, screenshot capture, microphone access, and the ability to download additional modules. Also in use is a .NET-based file stealer designed to collect files with the following extensions: *.doc, *.docx, *.xls, *.rtf, *.odt, *.txt, *.jpg, and *.pdf. The third tool is a malicious payload designed to spread malware via connected removable media, in addition to collecting and exfiltrating data stored on those devices.
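The file stealer described above is defined by the document extensions it harvests. As an added defender-side example (not code from the article, the SSU report or ESET), the script below runs a simple bulk-collection heuristic over constructed file-access log lines: any process that reads many distinct files with those extensions, across more than one directory, inside a short time window is flagged. The log format, the process names, the thresholds and the window length are all assumptions chosen for illustration.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions the article attributes to Gamaredon's .NET file stealer.
STEALER_EXTENSIONS = {".doc", ".docx", ".xls", ".rtf", ".odt", ".txt", ".jpg", ".pdf"}

# Assumed (constructed) log format: "<ISO timestamp> pid=<n> proc=<name> op=<READ|WRITE> path=<path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) op=(?P<op>\w+) path=(?P<path>.+)$"
)

# Constructed sample log: WINWORD.EXE opening one document is normal; "updater.exe"
# (a made-up name) sweeping six documents in two folders within seconds is the
# pattern a file stealer produces.
SAMPLE_LOG = """\
2021-11-04T10:00:01 pid=1001 proc=WINWORD.EXE op=READ path=C:\\Users\\alice\\Documents\\report.docx
2021-11-04T10:00:02 pid=1001 proc=WINWORD.EXE op=WRITE path=C:\\Users\\alice\\Documents\\report.docx
2021-11-04T10:01:10 pid=4242 proc=updater.exe op=READ path=C:\\Users\\alice\\Documents\\budget.xls
2021-11-04T10:01:11 pid=4242 proc=updater.exe op=READ path=C:\\Users\\alice\\Documents\\plan.doc
2021-11-04T10:01:12 pid=4242 proc=updater.exe op=READ path=C:\\Users\\alice\\Documents\\notes.txt
2021-11-04T10:01:13 pid=4242 proc=updater.exe op=READ path=C:\\Users\\alice\\Desktop\\scan.pdf
2021-11-04T10:01:14 pid=4242 proc=updater.exe op=READ path=C:\\Users\\alice\\Desktop\\photo.jpg
2021-11-04T10:01:15 pid=4242 proc=updater.exe op=READ path=C:\\Users\\alice\\Desktop\\memo.rtf
2021-11-04T10:01:16 pid=4242 proc=updater.exe op=READ path=C:\\Windows\\System32\\helper.exe
2021-11-04T10:05:00 pid=3003 proc=explorer.exe op=READ path=C:\\Users\\alice\\Pictures\\a.jpg
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["pid"] = int(ev["pid"])
    return ev


def extension(path):
    """Lower-cased extension of a Windows path, including the dot ('' if none)."""
    return ntpath.splitext(path)[1].lower()


def find_bulk_collectors(lines, window=timedelta(seconds=60), threshold=5, min_dirs=2):
    """Return {(pid, proc): n} for every process that READ at least `threshold`
    distinct stealer-targeted files, spread over at least `min_dirs` directories,
    within any sliding `window`. n is the largest such count observed.
    The thresholds are illustrative assumptions, not values from the article."""
    reads = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["op"] == "READ" and extension(ev["path"]) in STEALER_EXTENSIONS:
            reads[(ev["pid"], ev["proc"])].append((ev["ts"], ev["path"]))

    hits = {}
    for key, events in reads.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            paths = {p for _, p in events[start:end + 1]}
            dirs = {ntpath.dirname(p) for p in paths}
            if len(paths) >= threshold and len(dirs) >= min_dirs:
                best = max(best, len(paths))
        if best:
            hits[key] = best
    return hits


def demo():
    """Run the heuristic over the constructed sample log."""
    return find_bulk_collectors(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for (pid, proc), n in demo().items():
        print(f"suspicious bulk document read: pid={pid} proc={proc} files={n}")
```

The heuristic deliberately ignores the `.exe` read and the single-document activity of WINWORD.EXE and explorer.exe, and only the constructed "updater.exe" process trips it with six files across two folders. In a real deployment the thresholds would be tuned against baseline activity of backup agents, indexers and office software, which legitimately read many documents.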

"The SSU is continuously taking steps to contain and neutralize Russian cyber aggression against Ukraine," the agency said. "As a unit of the so-called 'Office of the Federal Security Service of Russia in the Republic of Crimea and the city of Sevastopol', this group began in 2014 as an outpost […] to purposefully threaten Ukrainian state institutions and the normal functioning of critical infrastructure."


Original article by lyon; if reproduced, please credit: https://www.cncso.com/en/ukraine-accuses-the-gamaredon-network-of-spy-organizations-and-the-russian-federal-security-service.html
