Russian Hackers Have New Tools

Uploaded on 2023-11-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

New analysis form CheckPoint Research focuses on Gamaredon, a powerful Russian APT group that stands out for its large-scale espionage & sabotage attack on organisations in Ukraine, demonstrating the group’s evolving tactics which demonstrate flexibility in targeting critical infrastructure.

Also known as Primitive Bear, ACTINIUM and Shuckworm, Gamaredon is prominent player in Russian cyber espionage, with a unique focus on Ukraine.

While many Russian cyber espionage groups operate in the shadows, Gamaredon is conspicuous in its large-scale campaigns, leaving a trail of destruction for Check Point's cyber security researchers to examine.

Gamaredon has recently deployed LitterDrifter is a VBS-written worm designed to spread through USB drives and their latest tool has dual functionalities, which reveal its potential for a global impact with potential infections in countries, far beyond its original targets in Ukraine.

Its primary objectives are automatic spreading over USB drives and establishing communication with a flexible set of command-and-control servers. This strategic design aligns with Gamaredon’s overarching goals, allowing the group to maintain persistent access to its targets.

USB Worm’s Global Reach

While Gamaredon primarily targets Ukrainian entities, the nature of the LitterDrifter worm introduces a global element to its operations. Indications of possible infections have been observed in countries such as the USA, Vietnam, Chile, Poland, Germany, and even Hong Kong.

This suggests that, like other USB worms, LitterDrifter may have spread beyond its originally intended targets, posing a broader threat to cyber security worldwide.

Gamaredon’s Affiliations

Gamaredon distinguishes itself by targeting a wide array of Ukrainian entities, showcasing a relentless commitment to its espionage goals. The Security Service of Ukraine (SSU), the Ukrainian law enforcement authority and main intelligence and security agency in the areas of counter-intelligence activity and combating organised crime has identified Gamaredon personnel as officers from the Russian Federal Security Service (FSB).

The FSB is the Russian internal security and counter-intelligence service responsible for counter-intelligence, anti-terrorism, and surveillance of the military, adding a geopolitical dimension to the group’s activities.

C2 Infrastructure

Gamaredon’s command-and-control infrastructure demonstrates extreme flexibility and volatility, although despite these dynamic characteristics, the infrastructure maintains previously reported patterns and characteristics, indicating a degree of consistency in Gamaredon’s approach.

LitterDrifter doesn’t only rely on groundbreaking techniques and may appear to be a relatively unsophisticated piece of malware. However, Check Point say this apparent simplicity is in line with its goals, mirroring Gamaredon’s overall approach. This method has demonstrated considerable effectiveness, as evidenced by the group’s sustained activities in Ukraine.

Conclusion

As cyber security experts continue to unravel the complexities of state-sponsored cyber espionage, Gamaredon remains a focal point of scrutiny.

The LitterDrifter worm serves as a testament to the group’s adaptability and innovation, showcasing the constant evolution of cyber threats. Understanding and dissecting such malware is crucial in fortifying global cyber security defenses against increasingly sophisticated adversaries.

Image: Mikhail Arefiev

You Might Also Read: 

The Emerging Domain Of Cyber War:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Library Confirms Ransomware Attack
What Is Cyber Hygiene & Why Is It Important? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Fortify Experts

Fortify Experts

Fortify Experts is a search and recruitment firm specializing in Cyber Security.

Packet Ninjas

Packet Ninjas

Packet Ninjas is a niche cyber security agency with specialized expertise in the use of digital intelligence to strengthen cyber security.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

Quadron Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

GreyNoise Intelligence

GreyNoise Intelligence

GreyNoise Intelligence is a cyber security company that collects, labels, and analyzes Internet-wide scan and attack data.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

Jamf

Jamf

Jamf is the only Apple Enterprise Management solution of scale that remotely connects, manages and protects Apple users, devices and services.

Sollensys

Sollensys

Sollensys is a leader in commercial blockchain applications. Our flagship product, The Blockchain Archive Server™ is the best defense against the devastating financial loss that ransomware causes.

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

RiverSafe

RiverSafe

RiverSafe is a professional services provider specialising in Cyber Security, Data Operations and DevOps, putting security at the heart of everything we do.