Email security, Security Strategy, Plan, Budget, Threat Management

Ukraine: Phishing attacks launched by Russian hacking group Armageddon

Russian state-sponsored hacking group Armageddon, also known as Gamaredon, has been identified by the Computer Emergency Response Team of Ukraine to have been launching two separate phishing campaigns targeted at Ukrainian organizations and European Union government agencies, according to BleepingComputer. The CERT-UA reported that Armageddon had targeted Ukrainian government agencies with emails regarding "Information on war criminals of the Russian Federation" that includes an HTML attachment that if opened would trigger the creation and deployment of a RAR file with a LNK file that would download another VBScript code-laced HTA file with a PowerShell script that would then facilitate final payload retrieval. Meanwhile, the EU-targeting campaign involved the delivery of the "Assistance" and "Necessary_military_assistance" RAR archive attachments with LNK files that prompt a similar infection chain to the one used in the Ukraine-targeted campaign. The Latvian government has received at least one of the emails but more European governments are being targeted, the CERT-UA said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.