Ukraine's critical information infrastructure and public authorities have been subjected to targeted cyberattacks by Russian state-backed cyberespionage operation Gamaredon using the new GammaSteel and GammaLoad spyware strains, according to The Hacker News.
Gamaredon, also known as UAC-0010, Actinium, Iron Tilden, Armageddon, Shuckworm, Primitive Bear, and Trident Ursa, has been employing a multi-step download approach to execute the spyware: the GammaLoad VBScript dropper enables next-stage VBScript downloads, while the GammaSteel PowerShell script provides reconnaissance and additional command execution capabilities, said Ukraine's State Cyber Protection Centre.
The new attacks come after Gamaredon was reported by Trellix to account for most email-based cyberattacks against Ukraine in November.
"As the Ukraine-Russia war continues, the cyber attacks on Ukraine energy, government and transportation, infrastructure, financial sector etc. are going on consistently. In times of such panic and unrest, the attackers aim to capitalize on the distraction and stress of the victims to successfully exploit them," said Trellix.