Researchers detail Russia-linked group's cyber-espionage tactics in Ukraine

Jan 31, 2022 | CYBERSCOOP

Researchers at Symantec say they have identified some of the specific tactics used by a Russia-linked hacking operation that Ukraine’s government outed in November of last year.

The cyber-espionage group, commonly labeled as Gamaredon or Armageddon, is known for using phishing emails to try to install remote access tools on victims’ computers, with the goal of exfiltrating data. Symantec’s Threat Hunter Team published a blog post Monday explaining how the spies used infected Microsoft Word attachments in mid-2021 to implant backdoor files allowing for the delivery of more malware.

The researchers don’t specify who was targeted in their case study. The goal is to highlight the tactics, techniques and procedures (TTPs) in question, especially if the Russia-Ukraine conflict boils over in the coming weeks, they say.

“We do not expect to see reemergence of these TTPs until just prior or during active conflict,” the team told CyberScoop.

As tensions between Ukraine and Russia ramped up in late 2021, the Security Service of Ukraine published a detailed analysis linking Gamaredon to Russia’s Federal Security Service (FSB), including recordings of the hackers discussing attacks in real time.

The Symantec case study tracks an

Read More: https://www.cyberscoop.com/gamaredon-symantec-ukraine-russia/