Gamaredon Group Launches New Cyberattacks in 2023

In early 2023, the Gamaredon group, a cybercrime group with ties to Russian government-backed attackers, struck again with new attacks targeting government agencies across Europe. The group has already been linked to numerous malware campaigns and has expanded its capabilities over the years, making it a major threat to organizations and consumers alike.

Gamaredon has now launched attacks using a combination of Delphi, Hexat, and VBScript malware families as well as phishing tactics. According to security researchers, this new attack campaign has been spotted in countries including Italy, Germany, and Ukraine, but the attackers are believed to have infiltrated networks in other locations too. The attackers are targeting government agencies, the intelligence community, and infrastructure networks. Gamaredon's goal is to gain access to confidential data, including information stored in government databases, as well as financial and other sensitive data.

Gamaredon is using a range of techniques to achieve its goals, including exploiting vulnerabilities, hijacking networks, and sending malicious code to targets. The group is also leveraging a range of public exploit portals, which it uses to launch its campaigns. The group's activities have been tracked by a variety of security teams, including those from Trend Micro, Cybereason, and F-Secure. The security researchers have noted that Gamaredon is actively expanding its operations and aims to target additional government agencies and critical infrastructure networks.

Organizations should ensure that their networks and systems are regularly updated, as Gamaredon and other attackers may use known vulnerabilities to gain access to sensitive data. Additionally, implementing strong authentication and encryption, as well as monitoring user activity, can help prevent a successful attack.

The Gamaredon group's persistent and targeted attacks put data and user privacy at risk, which underscores the importance of implementing effective security measures. Government agencies, organizations, and consumers should take the necessary steps to protect themselves from Gamaredon's cyberthreats.

This Cyber News was published on thehackernews.com. Publication date: Mon, 23 Jan 2023 18:57:29 +0000

