Gamaredon Group - New Toolset
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Summary
Affected platforms
The following platforms are known to be affected:
Threat details
The Gamaredon Group is an Advanced Persistent Threat (APT) group that mainly targets Ukrainian government and military organisations.
The group is known to use top-level domains such as .ru and .ua, which belong to Russia and Ukraine respectively, and to use compromised domains and dynamic DNS to distribute its malware. It uses phishing emails to trick users into downloading self-extracting zip files, which in turn download tools and send information to the command and control (C2) servers.
Capabilities of the custom toolset include capturing screenshots, downloading and executing additional binaries, and executing commands on the victim's system. Many of the malicious binaries that have been identified have a very low detection rate among anti-virus vendors, making it all the more important to follow good security hygiene practices.
Remediation steps
Last edited: 17 February 2020 11:31 am