Advanced persistent threat (APT) groups have come of age in the past several years, as cybercrime syndicates increasingly do business with rogue state governments that use covert online operations to pursue geopolitical advantage.
The Gamaredon Group is thought to be a Russian APT that first became known in 2013. The group has become markedly more active since the Russian invasion of Ukraine, as it tends to target high-ranking Ukrainian officials. It generally relies on phishing email campaigns and social engineering techniques.
The Gamaredon Group's emails carry a file crafted to look like an important document that needs immediate review. The group has also developed malware that it offers for sale online, so it partly operates as a ransomware-as-a-service (RaaS) outfit. The Gamaredon Group also frequently employs the Pteranodon backdoor Trojan. This Trojan, which can cause considerable damage, is mostly used for espionage-related operations, such as taking screenshots of the victim's desktop.
The Gamaredon Group also uses legitimate software in its operations. An example of this is when the group created a variant of the genuine remote access application RMS (Remote Manipulator System). The Gamaredon Group used phishing emails as the infection vector in this campaign, and the emails contained a macro-laced attachment that carried the payload of the tool.
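Because the infection vector described above is a macro-laced Office attachment, the check a mail-gateway or incident responder most wants is a quick triage of whether an attachment carries a VBA project at all. The script below is an added example, not code from the original article or from any Gamaredon artifact; the sample attachments it inspects are minimal OOXML containers constructed in memory, and the verdict labels ("allow", "review", "block") are assumptions chosen for illustration.

```python
import io
import zipfile

# Modern Office formats (.docx/.docm/.xlsm/...) are ZIP containers; a VBA
# project is stored as a part named vbaProject.bin inside them.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
OFFICE_EXTENSIONS = MACRO_EXTENSIONS | {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container


def build_docx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML document, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder VBA blob
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML container holds a VBA project part, regardless of extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> str:
    """Return 'block', 'review' or 'allow' for an Office attachment.

    - block:  macro-enabled extension, or a VBA part found inside the container
              (covers a .docm renamed to .docx to look harmless)
    - review: legacy OLE2 binary, where macro inspection needs a dedicated parser
    - allow:  OOXML file with no VBA part and a non-macro extension
    """
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if has_vba_project(data):
        return "block"
    if ext in MACRO_EXTENSIONS:
        return "block"
    if data.startswith(OLE2_MAGIC):
        return "review"
    if ext in OFFICE_EXTENSIONS:
        return "allow"
    return "review"  # unknown type: do not auto-allow


if __name__ == "__main__":
    samples = {
        "Urgent_Document.docx": build_docx(False),
        "Urgent_Document_renamed.docx": build_docx(True),
        "Urgent_Document.docm": build_docx(False),
        "Old_Report.doc": OLE2_MAGIC + b"\x00" * 8,
    }
    for name, blob in samples.items():
        print(f"{name}: {triage_attachment(name, blob)}")
```

The container check matters more than the extension check: a macro-enabled file renamed to `.docx` still opens with its macros in Office, so the decision keys on the presence of `vbaProject.bin` first and the extension second. Legacy OLE2 files are routed to manual review rather than inspected here, since parsing their VBA streams needs a dedicated library.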
Dealing with a Gamaredon Group Attack
If you think the Gamaredon Group has infected your computer, you should immediately scan your computer with a reputable malware remediation tool.