Ukraine's main law enforcement and counterintelligence agency disclosed on Thursday its alleged involvement inhackerThe true identities of the five individuals who were compromised were believed to be a cyber espionage group called Gamaredon, and linked the members to the Russian Federal Security Service.
Ukraine's Security Service described the hacking group as a "special project of the Federal Security Service, specifically targeting Ukraine" and said the perpetrators "are officials of the FSB of 'Crimea' and traitors who defected to the enemy during the occupation of the address in 2014 ". The names of the five people the SSU claimed were involved in the covert operation were Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych and Sushchenko Oleksandrovych. Since its inception in 2013, the Russia-linked Gamaredon group (Primitive Bear, Armageddon, Winterflounder or Iron Tilden, etc.) has been responsible for a number of malicious phishing campaigns, mainly targeting Ukrainian institutions, with the aim of extracting from compromised Windows for geopolitical gain Obtain confidential information from the system.
It is reported that the threat actor carried out no less than 5,000 cyber attacks on public institutions and critical infrastructure located in the country, and attempted to infect more than 1,500 government computer systems. The majority of the attacks targeted security, defense and law enforcement agencies to Obtain intelligence information.
Slovakiacyber security"Contrary to other APT groups, the Gamaredon group seems to go to great lengths to try to stay under the radar," the company ESET noted in an analysis report published in June 2020. "Even though their tools have the ability to download and execute arbitrary binaries and can be much more stealthy, it appears that this group's main focus is to spread as far and fast as possible within their target networks while attempting to steal data."
In addition to relying heavily on social engineering tactics as a vector of intrusion, Gamaredon is also understood to have invested in a series of tools for cutting through an organization's defense systems, which are coded in various programming languages such as VBScript, VBA Script, C#, C++, and Use CMD, PowerShell and .NET command shells."The group's activities are characterized by intrusiveness and audacity," the agency said in a technical report. Chief among its malware arsenal is a modular remote administration tool called Pterodo (aka Pteranodon), which has remote access capabilities, keylogging, screenshot capabilities, microphone access, and the ability to download additional module. Also in use is a .NET-based file stealer designed to collect files with the following extensions. *.doc, *.docx, *.xls, *.rtf, *.odt, *.txt, *.jpg, and *.pdf. The third tool involves a malicious payload designed to distribute malware via connected removable media, in addition to collecting and exfiltrating data stored in these devices.
"The SSU is continuously taking steps to contain and neutralize Russian cyber aggression against Ukraine," the agency said. "As a unit of the so-called 'Office of the Federal Security Service of Russia in the Republic of Crimea and the city of Sevastopol', this group began in 2014 as an outpost […] to purposefully threaten Ukrainian state institutions and the normal functioning of critical infrastructure.”
Original article, author: lyon, if reprinted, please indicate the source: https://cncso.com/en/ukraine-accuses-the-gamaredon-network-of-spy-organizations-and-the-russian-federal-security -service.html
