Russian APT Primitive Bear attacks Western gov't department in Ukraine through job hunt

A sophisticated cybercriminal group hailing from Russia has been caught trying to attack a Western government outfit located in Ukraine.

At a time when tensions between Russia and Ukraine are high, with world leaders concerned that the former is intending to invade, there is already digital warfare at hand. 

In recent weeks, Ukraine has been subject to defacement and tampering of numerous government-run websites, Microsoft’s Threat Intelligence Center (MSTIC) has warned that destructive malware is being used in assaults against Ukrainian organizations, and the US Treasury Department has sanctioned Ukrainian nationals for allegedly trying to help create “instability” ahead of a potential invasion. 

The UK’s National Cyber Security Centre (NCSC) is also urging organizations to ramp up their defenses in light of recent cyberattacks against Ukraine. 

Now, researchers from Palo Alto Networks have uncovered ongoing activity against Ukraine performed by Primitive Bear/Gamaredon, an advanced persistent threat (APT) group of Russian origin. 

The team says that while there is no evidence that Primitive Bear is responsible for any of the recent, publicized attacks, as “one of the most active existing advanced persistent threats targeting Ukraine, we anticipate we will see additional malicious cyber activities over the coming weeks as the conflict evolves.”

Read More: