The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries.
Palo Alto Networks’ Unit 42 threat intelligence team, in a new report publicized on February 3, said that the phishing attack took place on January 19, adding it “mapped out three large clusters of their infrastructure used to support different phishing and malware purposes.”
The threat actor, also known as Shuckworm, Armageddon, or Primitive Bear, has historically focused its offensive cyber attacks against Ukrainian government officials and organizations since 2013. Last year, Ukraine disclosed the collective’s ties to Russia’s Federal Security Service (FSB).
To carry out the phishing attack, the operators behind the campaign leveraged a job search and employment platform within the country as a conduit to upload their malware downloader in the form of a resume for an active job listing related to the targeted entity.
“Given the steps and precision delivery involved in this campaign, it appears this may have been a specific, deliberate attempt by Gamaredon to compromise this Western government organization,” the researchers noted.
images from Hacker News