Latvia's Defence Ministry Targeted  

Latvia has been attacked online by a Russian hacking group called Gamaredon, sometimes known as 'Primitive Bear', which has been conducting a phishing attack on Latvia’s Ministry of Defence (MoD). The cyber defence firm Sekoia reports that Gamaredon sent spear-phishing emails to Latvian MoD officials, pretending to be Ukrainian government officials.

The hackers used the domain name “admou[.]org,” which had previously been associated with the group in attacks meant to steal data and break into networks controlled by Ukraine and its allies. 

At least one recipient at the MoD uploaded the message and attachment to the VirusTotal service for research and scanning after becoming suspicious of it. They found that the email attachment contained malicious code that, when activated, started a series of procedures meant to aid hackers in stealing information from the intended targets within the Ministry of Defence. The MoD says that the Gamaredon group’s attempted phishing attack against it was unsuccessful.

Ukrainian cyber security officials described Gamaredon’s attacks as intrusive and audacious and said the group’s main purpose was “to conduct targeted cyber intelligence operations.”

Latvia’s Computer Emergency Readiness Team (CERT-LV) says that cyber attacks in the country have risen 30% since the start of the war in Ukraine, with the most serious threats posed by pro-Russian hacktivists targeting critical infrastructure, businesses, and Latvia's government. 

Gamaredon has been linked to Russia's FSB spy agency, along with another possibly overlapping group also known as Primitive Bear, and has been busy attacking organisations outside of Russia for at least the last decade or so. Gamaredon hackers tried to hack into a NATO nation’s oil refinery in 2022 using Word documents, and the group has targeted Ukraine’s military and governmental institutions.

Latvia has supported Ukraine since the beginning of the war, providing weapons, humanitarian aid and shelter for Ukrainian refugees. Other Ukrainian allies, especially former Soviet Union members including Estonia and Lithuania, are also reporting an increase in cyber attacks. Norway’s foreign ministry and other institutions have been targeted, according to Norwegian intelligence sources.

Ukraine says that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information Security in Moscow. The group began operations in June 2013, just months before Russia forcibly annexed the Crimean Peninsula from Ukraine.

Sources: SSU Ukraine, Sentinel One, TEISS, Sekoia, The Record, Guardian
