Even before the current cyber attacks on Ukraine and its critical infrastructure (KRITIS), there were attacks that Palo Alto Networks' Unit 42 analyzed. According to its findings, the state-supported Russian hacker group "Gamaredon" is behind them.
Cybersecurity analysts from Palo Alto Networks' Unit 42 team have just released new information about Gamaredon's activities. The Ukrainian SSU (Sluzhba bespeky Ukrajiny, the Ukrainian internal security service) recently reported that this hacking group is run by 5 Russian FSB officers.
Russian hacker group “Gamaredon”
Unit 42 security analysts found evidence that, as part of widespread attacks over the past 3 months, Gamaredon targeted the Ukrainian government, other organizations and even a Western government agency in Ukraine.
The research identifies:
- 700 dangerous domains
- 100 malware samples
- 215 dangerous IP addresses
While monitoring this activity, Unit 42 observed an attempt to attack a Western government agency in Ukraine on January 19, 2022. In this attempt, instead of emailing a downloader directly to their target, the attackers used an internal job search and employment service in Ukraine. The attackers searched for an active job posting, uploaded a Word document marked as a resume, and submitted it to a Western government agency via the job search platform. Given the steps involved and the precise malware delivery associated with this campaign, this appears to have been a deliberate attempt by Gamaredon to target this Western government organization in Ukraine. An analysis is also available on the homepage.