Summary: A report by Symantec reveals that the Russian-linked espionage group Shuckworm has launched a sophisticated cyber campaign targeting a foreign military mission in Ukraine. The campaign, characterized by enhanced malware capabilities and stealth, employs a multi-staged infection chain that utilizes legitimate tools and advanced obfuscation techniques to evade detection. Despite being considered less technically skilled than other Russian groups, Shuckworm’s recent tactics indicate a significant evolution in its approach to cyber espionage.
Affected: Foreign military mission in Ukraine
Keypoints :
- The attack employs a multi-staged infection chain initiated by a malware-laden USB drive.
- Shuckworm has improved its infostealer tool, GammaSteel, incorporating new reconnaissance capabilities.
- Advanced evasion techniques include the use of legitimate applications and registry modifications to maintain persistence and avoid detection.