Ukraine accuses Gamaredon cyber espionage group of ties to Russia's FSB

Ukraine's main law enforcement and counter-intelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in hacking activity as members of a cyber espionage group known as Gamaredon, and linked those members to Russia's Federal Security Service (FSB).

Ukraine's Security Service (SSU) described the hacking group as a "special project of the Federal Security Service, specifically targeting Ukraine" and said the perpetrators "are officials of the FSB of 'Crimea' and traitors who defected to the enemy during the occupation of the peninsula in 2014". The five people the SSU claimed were involved in the covert operation were named as Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych and Sushchenko Oleksandrovych. Since its inception in 2013, the Russia-linked Gamaredon group (also tracked as Primitive Bear, Armageddon, Winterflounder or Iron Tilden) has been responsible for a number of malicious phishing campaigns, mainly targeting Ukrainian institutions, with the aim of extracting confidential information from compromised Windows systems for geopolitical gain.

The threat actor is reported to have carried out no fewer than 5,000 cyber attacks on public institutions and critical infrastructure located in the country, and to have attempted to infect more than 1,500 government computer systems. The majority of the attacks targeted security, defense and law enforcement agencies in order to obtain intelligence information.

"Contrary to other APT groups, the Gamaredon organization seems to go out of its way to try to stay under the radar," noted Slovakian cybersecurity firm ESET in an analysis published in June 2020. "Even though their tools, which have the ability to download and execute arbitrary binaries, can be far more stealthy, it seems that the group's main focus is to spread as far and as fast as possible across their target networks while trying to steal data."

In addition to relying heavily on social engineering tactics as its intrusion vector, Gamaredon is also understood to have invested in a series of tools for cutting through an organization's defenses, written in various programming languages such as VBScript, VBA, C# and C++, and making use of the CMD, PowerShell and .NET command shells.

"The group's activities are characterized by intrusiveness and audacity," the agency said in a technical report. Chief among its malware arsenal is a modular remote administration tool called Pterodo (aka Pteranodon), which offers remote access, keylogging, screenshot capture, microphone access, and the ability to download additional modules. Also in use is a .NET-based file stealer designed to collect files with the following extensions: *.doc, *.docx, *.xls, *.rtf, *.odt, *.txt, *.jpg and *.pdf. The third tool is a malicious payload designed to spread malware via connected removable media, while also collecting and exfiltrating data stored on those devices.
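The file stealer and removable-media component described above share one observable: a single process reading many user documents of a fixed set of extensions in a short time, often from a removable drive. The following is an added illustration of how a defender might turn that description into a detection heuristic; it is not code from the article, the SSU report or any vendor product. The event format, the process names, the timestamps, the five-file threshold and the two-minute window are all constructed assumptions for the example; a real deployment would feed it file-access telemetry (for instance EDR or Sysmon file events) and tune the thresholds.

```python
"""Heuristic detector for bulk document collection of the kind attributed to
Gamaredon's .NET file stealer.

Added example, not from the article: it consumes a constructed, simplified
file-access event log and flags any process that reads at least MIN_FILES
documents with the targeted extensions inside a sliding WINDOW, reporting
how many of those reads came from a removable drive.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions the article says the .NET file stealer collects.
TARGET_EXTS = {".doc", ".docx", ".xls", ".rtf", ".odt", ".txt", ".jpg", ".pdf"}

# Detection thresholds: assumptions for this example, not values from the article.
MIN_FILES = 5
WINDOW = timedelta(minutes=2)

# Constructed sample events in the form "timestamp|process|pid|operation|path".
# "updater.exe" is a hypothetical name standing in for an unknown dropped binary.
SAMPLE_EVENTS = """\
2021-11-04T10:00:01|WINWORD.EXE|1204|read|C:\\Users\\alice\\Documents\\report.docx
2021-11-04T10:00:05|updater.exe|4412|read|E:\\field\\orders.docx
2021-11-04T10:00:06|updater.exe|4412|read|E:\\field\\map.jpg
2021-11-04T10:00:07|updater.exe|4412|read|E:\\field\\budget.xls
2021-11-04T10:00:09|updater.exe|4412|read|E:\\field\\notes.txt
2021-11-04T10:00:10|updater.exe|4412|read|E:\\field\\plan.pdf
2021-11-04T10:00:12|updater.exe|4412|read|E:\\field\\readme.md
2021-11-04T10:05:00|explorer.exe|880|read|E:\\photos\\a.jpg
"""


def parse_event(line):
    """Split one constructed log line into a dict; the format is an assumption."""
    ts, proc, pid, op, path = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "proc": proc,
            "pid": int(pid), "op": op, "path": path}


def is_target_doc(path):
    """True if the file extension is one the stealer is reported to collect."""
    dot = path.rfind(".")
    return dot != -1 and path[dot:].lower() in TARGET_EXTS


def is_removable(path):
    """Assumption for the example: any drive letter other than C: is removable."""
    return len(path) > 2 and path[1] == ":" and path[0].upper() != "C"


def find_bulk_collectors(events, min_files=MIN_FILES, window=WINDOW):
    """Return {(proc, pid): {"files": n, "removable": m}} for every process that
    read at least min_files targeted documents within any window-long span."""
    per_proc = defaultdict(list)
    for e in events:
        if e["op"] == "read" and is_target_doc(e["path"]):
            per_proc[(e["proc"], e["pid"])].append(e)

    alerts = {}
    for key, evs in per_proc.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hits = evs[start:end + 1]
            if len(hits) >= min_files and len(hits) > alerts.get(key, {}).get("files", 0):
                removable = sum(1 for h in hits if is_removable(h["path"]))
                alerts[key] = {"files": len(hits), "removable": removable}
    return alerts


def run(log_text=SAMPLE_EVENTS):
    """Parse the constructed log and return the alerts it produces."""
    events = [parse_event(line) for line in log_text.splitlines() if line.strip()]
    return find_bulk_collectors(events)


if __name__ == "__main__":
    for (proc, pid), info in run().items():
        print(f"ALERT {proc} (pid {pid}): {info['files']} targeted documents read, "
              f"{info['removable']} from removable media")
```

Against the constructed sample, only the hypothetical `updater.exe` trips the rule: it reads five targeted documents from `E:\` within five seconds, while `readme.md` is ignored because its extension is not on the list, and the single reads by WINWORD.EXE and explorer.exe stay below the threshold. The sliding window is what keeps a normal user opening a handful of documents over a day from alerting; the removable-media count is reported separately so an analyst can prioritise the USB-borne case the article describes.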

"The SSU is continuously taking steps to contain and neutralize Russian cyber aggression against Ukraine," the agency said. "As a unit of the so-called 'Office of the Federal Security Service of Russia in the Republic of Crimea and the city of Sevastopol', this group began in 2014 as an outpost […] to purposefully threaten Ukrainian state institutions and the normal functioning of critical infrastructure."


Original article by lyon; if reproduced, please credit: https://www.cncso.com/en/ukraine-accuses-the-gamaredon-network-of-spy-organizations-and-the-russian-federal-security-service.html
