Ukraine has been facing a continuous onslaught of attacks against its state services from Russian hacking group Gamaredon, also known as Armageddon, with the country's Computer Emergency Response Team noting the group's targeting of an information infrastructure facility and thousands of government computers, according to The Record, a news site by cybersecurity firm Recorded Future.
Gamaredon has been noted by ESET researcher Robert Lipovsky to have escalated malware development and phishing operations this year, while CERT-UA said that the group has also continuously evolved its tools and tactics in an effort to better bypass detection.
Phishing messages delivered via compromised messaging accounts are typically used by Gamaredon to achieve initial access before leveraging the GammaSteel information-stealing malware to facilitate data exfiltration within 30 to 50 minutes, according to CERT-UA.
While lacking in sophistication, Gamaredon has become a formidable threat due to its persistence, said Symantec threat intelligence analyst Dick O'Brien.
Numerous government, political, and academic organizations in South Korea have been targeted by the Chinese state-backed advanced persistent threat operation TAG-74 in a "multi-year" cyberespionage campaign that is part of China's intellectual property theft and influence operations, The Hacker News reports.