Novel Gamaredon spyware variants leveraged in attacks against Ukraine

Ukraine's critical information infrastructure and public authorities have been subjected to targeted cyberattacks by the Russian state-backed cyberespionage operation Gamaredon using the new GammaSteel and GammaLoad spyware strains, according to The Hacker News. Gamaredon, also known as UAC-0010, Actinium, Iron Tilden, Armageddon, Shuckworm, Primitive Bear, and Trident Ursa, has been employing a multi-step download approach for the execution of spyware, with the GammaLoad VBScript dropper malware used to enable next-stage VBScript downloads and the GammaSteel PowerShell script featuring reconnaissance and additional command execution capabilities, said Ukraine's State Cyber Protection Centre. The new attacks come after Gamaredon was reported by Trellix to account for most email-based cyberattacks against Ukraine in November. "As the Ukraine-Russia war continues, the cyber attacks on Ukraine energy, government and transportation, infrastructure, financial sector etc. are going on consistently. In times of such panic and unrest, the attackers aim to capitalize on the distraction and stress of the victims to successfully exploit them," said Trellix.
