Latvia's Defence Ministry Targeted  

Latvia has been attacked online by a Russian hacking group called Gamaredon, sometimes known as 'Primitive Bear', which has been carrying out a phishing attack on Latvia’s Ministry of Defence (MoD). The cyber defence firm Sekoia reports that Gamaredon sent spear-phishing emails to Latvian MoD officials, pretending to be Ukrainian government officials.

The hackers used the domain name “admou[.]org,” which had previously been associated with the group in attacks meant to steal data and break into networks controlled by Ukraine and its allies. 

At least one recipient at the MoD uploaded the message and attachment to the VirusTotal service for research and scanning after becoming suspicious of it. They found that the email attachment contained malicious code that, when activated, started a series of procedures meant to aid hackers in stealing information from the intended targets within the Ministry of Defence. The MoD says that the Gamaredon group’s attempted phishing attack against it was unsuccessful.

Ukrainian cyber security officials described Gamaredon’s attacks as intrusive and audacious and said the group’s main purpose was “to conduct targeted cyber intelligence operations.”

Latvia’s Computer Emergency Readiness Team (CERT-LV) says that cyber attacks in the country have risen 30% since the start of the war in Ukraine, with the most serious threats posed by pro-Russian hacktivists targeting critical infrastructure, businesses, and Latvia's government. 

Gamaredon has been linked to Russia's FSB spy agency, along with another possibly overlapping group also known as Primitive Bear, and has been busy attacking organisations outside of Russia for at least the last decade or so. Gamaredon hackers tried to hack into a NATO nation’s oil refinery in 2022 using Word documents; it also targeted Ukraine’s military and governmental institutions.

Latvia has supported Ukraine since the beginning of the war, providing weapons, humanitarian aid and shelter for Ukrainian refugees. Other Ukrainian allies, especially former Soviet Union members including Estonia and Lithuania, are also reporting an increase in cyber attacks. Norway’s foreign ministry and other institutions have been targeted, according to Norwegian intelligence sources.

Ukraine says that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information Security in Moscow. The group began operations in June 2013, just months before Russia forcibly annexed the Crimean Peninsula from Ukraine.

SSU Ukraine, Sentinel One, TEISS, Sekoia, The Record, Guardian
