Latvia's Defence Ministry Targeted  

Uploaded on 2023-02-03 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Latvia has been attacked online by a Russian hacking group called Gamaredon, sometimes known as 'Prinitive Bear', who have been delivering a phishing attack on Latvia’s Ministry of Defence (MoD). The cyber defence firm Sekoia report that Gamaredon sent spear-phishing emails to the Latvian MoD officials, pretending to be Ukrainian government officials.

The hackers used the domain name “admou[.]org,” which had previously been associated with the group in attacks meant to steal data and break into networks controlled by Ukraine and its allies. 

At least one recipients at the MoD uploaded the message and attachment to the VirusTotal service for research and scanning after becoming suspicious of it. They found that the email attachment contained malicious code that, when activated, started a series of procedures meant to aid hackers in stealing information from the intended targets within the Ministry of Defence. The MoD says that the Gamaredon group’s attempted phishing attack against it was unsuccessful.

Ukrainian cyber security officials described Gamaredon’s attacks as intrusive and audacious and said the group’s main purpose was “to conduct targeted cyber intelligence operations.”

Latvia’s Computer Emergency Readiness Team (CERT-LV) says that cyber attacks in the country have risen 30% since the start of the war in Ukraine, with the most serious threats posed by pro-Russian hacktivists targeting critical infrastructure, businesses, and Latvia's government. 

Gamaredon has been linked to Russia's FSB spy agency, along with another possible overlapping groups also known as Primitive Bear and has been busy attacking organisations outside of Russia for at least the last decade or so.  Gamaredon hackers tried to hack into a NATO nation’s oil refinery in 2022 using Word documents, it targeted Ukraine’s military and governmental institutions.

Latvia has supported Ukraine since the beginning of the war, providing weapons, humanitarian aid and shelter for Ukrainian refugees. Other Ukrainian allies, especially former Soviet Union members including Estonia and Lithuania, are also reporting an increase in cyber attacks. Norway’s foreign ministry and other institutions have been targeted, according to Norwegian intelligence sources.

Ukraine says that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information Security in Moscow. The group began operations in June 2013, just months before Russia forcibly annexed the Crimean Peninsula from Ukraine.

SSU Ukraine:     Sentinel One:     TEISS:     Sekoia:    The Record:   Guardian:   

You Might Also Read:

Lost Russian Cyber Spies Return:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransom Attack On Financial Services Software Supplier 
UK Cyber Week - London - 4 and 5 April 2023 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

Backup Systems

Backup Systems

Backup Systems is a leading backup and disaster recovery systems provider across the UK.

IHS Markit

IHS Markit

The IHS Cybersecurity Package is a one-stop source for published knowledge on cybersecurity, from the world’s leading publishers and authorities.

App-Ray

App-Ray

App-Ray provides fully automated security analysis of mobile applications to find security issues, privacy breaches and data leaking potentials.

Fidus Information Security

Fidus Information Security

Fidus is a team of security professionals providing Penetration Testing and Cyber Security Consulting services throughout the UK and worldwide.

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

Tesorion

Tesorion

Tesorion is a fusion of different enterprises each with its own specialisation in the field of cybersecurity. We have combined these specialisations to create an integrated comprehensive solution.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

Bfore.ai

Bfore.ai

Stop future attacks, today. Bfore.ai is an operational threat intelligence feed to add predictive technology to your security infrastructure.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

SHI International

SHI International

SHI International deliver against your IT and business needs, helping you build strategies and solutions that will drive innovation, collaboration and security.