Summary: A long-running Russian hacking group, Gamaredon, is reportedly behind a campaign aimed at installing a surveillance tool on Ukrainian computers through phishing emails. This campaign has been active since at least November 2024 and leverages themes related to the Ukraine invasion to lure victims. The malicious tool deployed, Remcos, allows unauthorized access and data collection from infected systems.
Affected: Ukrainian computers and infrastructure
Key points:
- Gamaredon group, also known as BlueAlpha, is linked to Russia’s Federal Security Service and has been active since at least 2013.
- The group utilized phishing emails with misleading content about troop movements to deliver malicious files.
- Remcos enables attackers to bypass antivirus protection and extract sensitive information, making it a potent tool for surveillance.
- In 2023, Ukraine reported 277 cyber incidents attributed to Gamaredon.
- The campaign aligns with ongoing Russian cyber activities targeting individuals supportive of Ukraine.
Source: https://therecord.media/gamaredon-phishing-campaign-fake-ukraine-documents-remcos