Threat Intelligence, Critical Infrastructure Security
Ukrainian military, gov’t agencies facing escalating Gamaredon attacks
Attacks by Russian state-sponsored hacking operation Gamaredon against Ukraine's military and government entities have further intensified as Russia combats Ukraine's counteroffensive operations, according to The Record, a news site by cybersecurity firm Recorded Future.
Cyberespionage and data exfiltration were Gamaredon's key objectives in its ramped-up intrusions against Ukraine, which relied on attack infrastructure consisting of newly registered domains and subdomains, according to a report from Ukraine's National Coordination Center for Cybersecurity (NCCC).
Gamaredon has been leveraging malware that facilitates retrieval of domain names from Telegram, Telegraph, and Cloudflare, which has prompted Ukraine to consider limiting the use of the former two services. The group has also been using stolen documents to impersonate legitimate entities in its phishing campaigns.
The NCCC also noted that Gamaredon's continuous malware toolkit improvements and escalating attacks against Ukraine indicate expanded operations.
"The alignment of their activities with critical military events amplifies the group's potential impact," said the report.