Russian Hackers Have New Tools

Uploaded on 2023-11-24 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

New analysis form CheckPoint Research focuses on Gamaredon, a powerful Russian APT group that stands out for its large-scale espionage & sabotage attack on organisations in Ukraine, demonstrating the group’s evolving tactics which demonstrate flexibility in targeting critical infrastructure.

Also known as Primitive Bear, ACTINIUM and Shuckworm, Gamaredon is prominent player in Russian cyber espionage, with a unique focus on Ukraine.

While many Russian cyber espionage groups operate in the shadows, Gamaredon is conspicuous in its large-scale campaigns, leaving a trail of destruction for Check Point's cyber security researchers to examine.

Gamaredon has recently deployed LitterDrifter is a VBS-written worm designed to spread through USB drives and their latest tool has dual functionalities, which reveal its potential for a global impact with potential infections in countries, far beyond its original targets in Ukraine.

Its primary objectives are automatic spreading over USB drives and establishing communication with a flexible set of command-and-control servers. This strategic design aligns with Gamaredon’s overarching goals, allowing the group to maintain persistent access to its targets.

USB Worm’s Global Reach

While Gamaredon primarily targets Ukrainian entities, the nature of the LitterDrifter worm introduces a global element to its operations. Indications of possible infections have been observed in countries such as the USA, Vietnam, Chile, Poland, Germany, and even Hong Kong.

This suggests that, like other USB worms, LitterDrifter may have spread beyond its originally intended targets, posing a broader threat to cyber security worldwide.

Gamaredon’s Affiliations

Gamaredon distinguishes itself by targeting a wide array of Ukrainian entities, showcasing a relentless commitment to its espionage goals. The Security Service of Ukraine (SSU), the Ukrainian law enforcement authority and main intelligence and security agency in the areas of counter-intelligence activity and combating organised crime has identified Gamaredon personnel as officers from the Russian Federal Security Service (FSB).

The FSB is the Russian internal security and counter-intelligence service responsible for counter-intelligence, anti-terrorism, and surveillance of the military, adding a geopolitical dimension to the group’s activities.

C2 Infrastructure

Gamaredon’s command-and-control infrastructure demonstrates extreme flexibility and volatility, although despite these dynamic characteristics, the infrastructure maintains previously reported patterns and characteristics, indicating a degree of consistency in Gamaredon’s approach.

LitterDrifter doesn’t only rely on groundbreaking techniques and may appear to be a relatively unsophisticated piece of malware. However, Check Point say this apparent simplicity is in line with its goals, mirroring Gamaredon’s overall approach. This method has demonstrated considerable effectiveness, as evidenced by the group’s sustained activities in Ukraine.

Conclusion

As cyber security experts continue to unravel the complexities of state-sponsored cyber espionage, Gamaredon remains a focal point of scrutiny.

The LitterDrifter worm serves as a testament to the group’s adaptability and innovation, showcasing the constant evolution of cyber threats. Understanding and dissecting such malware is crucial in fortifying global cyber security defenses against increasingly sophisticated adversaries.

Image: Mikhail Arefiev

You Might Also Read: 

The Emerging Domain Of Cyber War:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Library Confirms Ransomware Attack
What Is Cyber Hygiene & Why Is It Important? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Invensity

Invensity

INVENSITY is an interdisciplinary technology and innovation consulting company. Centres of excellence include Cyber Security and Data Privacy.

Quantstamp

Quantstamp

Quantstamp are experts in Smart Contract Security Audits. We provide verification that your decentralized system works as intended.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

Polaris Infosec

Polaris Infosec

Polaris Web Presence Protection (WPP) is powered by our proprietary artificial intelligence and machine learning engine to ensure that attacks are stopped before they affect your business.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

TriCIS

TriCIS

TriCIS design and engineer highly secure integrated solutions that meet the highest government and military security standards, providing information assurance to organisations across the globe.

KnoTra Global

KnoTra Global

KnoTra Global is a next-generation Managed Service provider with a portfolio of services including Cybersecurity Solutions, Network Management, IT Leadership, and Day-to-Day Helpdesk and IT services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.