Gamaredon Group
The Gamaredon Group is an Advanced Persistent Threat (APT) group that has been active since 2013 – their targets are often Ukrainian government officials, and they rely on phishing emails to deliver threatening binaries to their targets primarily. The documents used as bait may often be disguised as important military files that the recipient is likely to want to review. Although the group has been active for over five years, they have not made many changes to their approach, and continue to use a combination of custom-developed malware and public tools to execute their attacks. It is not unusual for APT groups to abuse legitimate tools for harmful purposes since attacks of this sort are often more difficult to spot.
Pteranodon, an Essential Part of the Gamaredon Group's Attacks
One of the notorious tools that the Gamaredon Group has used recently is the Pteranodon Trojan, a backdoor that we have covered on our websites extensively. Pteranodon can act as a reconnaissance tool that captures screenshots from the infected host, as well as a backdoor that allows the Gamaredon Group threat actors to plant secondary payloads on the compromised system.
Earlier, we mentioned that the Gamaredon Group has been taking advantage of public hacking tools and legitimate applications to carry out nefarious tasks on infected hosts – one of the earliest examples of this dates back to 2014 when they propagated a copy of the 'Remote Manipulator System' (RMS) remote control software to their targets. The threat was distributed via phishing emails that contained a macro-laced document whose purpose was to drop a self-extracting archive to the victim's computer. RMS is not the only remote access tool that the Gamaredon Group has used, and through the years, they have carried out attacks using other popular Virtual Network Computing (VNC) programs.
The group's end-goal appears to be performing long-term reconnaissance operations and extracting data from the infected network. Their carefully selected targets and tailored phishing emails are a certain sign that the group has inside information that helps them craft legit-looking bait documents.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.