Gamaredon, like Fancy Bear and Cozy Bear, steps up cyberattacks against Ukraine, others

Russia didn’t just ratchet up its aggression toward Ukraine on the high seas last week; it also stepped up cyberattacks against the country and against other governments and private entities around the world.

Familiar threat actors Fancy Bear (using a packed Zebrocy variant and Cannon payload) and Cozy Bear (delivering a Cobalt Strike Beacon backdoor payload) increased their activity, Stealthcare said, but so did Gamaredon, another threat actor tied to Russia.

“The cyberattacks are in keeping with Russia’s effort to extend Soviet-style hegemony worldwide—far beyond regional sea skirmishes with Ukraine,” said Jeremy Samide, CEO of Stealthcare, whose Zero Day Live Threat Intelligence platform detected the attacks.

“Closer to home, a new backdoor attacker has been targeting Ukrainian government agencies. The backdoor, dubbed Pterodo, is associated with the Gamaredon threat group that relies largely on off-the-shelf software and primarily focuses on Ukrainian military and government targets,” said Samide. “Pterodo is a custom backdoor that inserts other malware and collects sensitive information. Along with Gamaredon group, it has been tied to Russia’s Federal Security Service (FSB), alongside the Cozy Bear group.”
