Lucene search
K

47 matches found

The Hacker News
The Hacker News
added last week7 views

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

A Russian advanced persistent threat APT group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new...

8.8CVSS7.3AI score0.85778EPSS
Exploits35
The Hacker News
The Hacker News
added 2026/06/02 6:21 p.m.24 views

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR,...

8.8CVSS6.5AI score0.85778EPSS
Exploits35
Positive Technologies
Positive Technologies
added 2025/11/30 12:0 a.m.10 views

PT-2025-48392

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to the fix for CVE-2025-80880 Description A wiper named GamaWiper, based on VBScript, has been identified in attacks targeting Ukraine. The initial access is gained through the exploitation of a vulnerability in WinRAR. T...

6.7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2025/09/19 8:24 a.m.3 views

Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine

Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla...

7.1AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2025/04/14 10:0 a.m.17 views

Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine

For the past decade, this group of FSB hackers—including “traitor” Ukrainian intelligence officers—has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/10 10:53 a.m.21 views

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine

The Russia-linked threat actor known as Gamaredon aka Shuckworm has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/07 1:40 p.m.18 views

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control C2 channel. "'Fast flux' is a technique used to...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/31 9:30 a.m.23 views

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2025/03/28 10:0 a.m.12 views

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Cisco Talos is actively tracking an ongoing campaign targeting users in Ukraine with malicious LNK files, which run a PowerShell downloader, since at least November 2024. The file names use Russian words related to the movement of troops in Ukraine as a lure. The PowerShell downloader contacts...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/01/27 7:59 a.m.11 views

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy , which is assessed to share overla...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/12 1:35 p.m.4 views

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome , marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/06 7:3 a.m.7 views

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop. The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's design...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/08 5:49 a.m.12 views

Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday

Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters. The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedented hacker attack....

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2024/04/17 11:59 a.m.32 views

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...

7AI score
Exploits0
hivepro
hivepro
added 2023/11/20 11:43 a.m.15 views

Gamaredon Deploys LitterDrifter USB Worm in Cyber Espionage Operations

Summary: Russian cyber espionage group Gamaredon aka Primitive Bear has been observed utilizing a USB-propagating worm known as LitterDrifter in attacks targeting Ukrainian entities. This group has recently adopted LitterDrifter, a worm written in VBS, designed to spread through removable USB...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/17 5:17 a.m.33 views

CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise

The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. "As a vector of primary compromise, for the most part, emails and messages in messengers Telegram, WhatsApp, Signal are used, in most cases, using...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/08 11:4 a.m.45 views

Russian Hackers Using Graphiron Malware to Steal Data from Ukraine

A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Tea...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/08 6:16 a.m.3 views

CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

The Computer Emergency Response Team of Ukraine CERT-UA has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050 , with...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/08 6:16 a.m.51 views

CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

The Computer Emergency Response Team of Ukraine CERT-UA has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with...

1.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/02 12:43 p.m.34 views

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre SCPC of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium,...

0.9AI score
Exploits0
Rows per page
Query Builder