{"id":21360,"date":"2022-09-28T04:29:00","date_gmt":"2022-09-28T04:29:00","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=21360"},"modified":"2026-04-17T18:07:43","modified_gmt":"2026-04-17T18:07:43","slug":"apt-group-gamaredon-intensifies-cyber-offensive-in-ukraine","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/apt-group-gamaredon-intensifies-cyber-offensive-in-ukraine\/","title":{"rendered":"APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 1)"},"content":{"rendered":"\n

Overview<\/strong><\/h2>\n\n\n\n

Beginning in the second quarter of this year, NSFOCUS Security Labs discovered that the APT group Gamaredon began frequently using a number of different types of attacks to conduct cyberattacks against military and police targets in Ukraine’s Kherson, Donetsk and other regions.<\/p>\n\n\n\n

In this attack cycle, Gamaredon mainly used attack tools such as malicious office documents, malicious HTML attachments, and malicious SFX files, along with carefully designed decoy messages, to form three different attack processes. Tracking analysis revealed that Gamaredon significantly increased the frequency of various types of attack activities in late July, and the number of decoy deliveries reached a new peak.<\/p>\n\n\n\n

About APT Group Gamaredon<\/strong><\/h2>\n\n\n\n

The earliest activities of the Russian APT group Gamaredon can be traced back to 2013. The group has carried out phishing attacks against government departments in Eastern European countries, especially Ukraine, for a long time. Common tools include various decoys disguised as official government documents, various scripting programs, and various homemade Trojans.<\/p>\n\n\n\n

The Ukrainian side blamed the Gamaredon organization on the Russian Federal Security Service (FSB).<\/p>\n\n\n\n

Gamaredon is known for its huge attack scale. According to NSFOCUS Global DDoS Attack Landscape (H1 2022)<\/a> report, medium and high-sophistication level threat actors have more attack resources to launch large-scale attacks. With adequate attack resources, launching Tb-level DDoS attacks will not be a difficult thing.  <\/p>\n\n\n\n

With its large attack resources, the Gamaredon consistently delivers a wide variety of short-lived attack modules to minimize the chances of exposure and countermeasures.<\/p>\n\n\n\n

As the situation between Russia and Ukraine gradually escalated, the Gamaredon group significantly increased the frequency of its cyberattacks, actively using various known techniques to try to infiltrate critical institutions such as the Ukrainian government, military barracks, and police stations.<\/p>\n\n\n\n

Trend Analysis<\/strong><\/h2>\n\n\n\n

In the process of tracking and analyzing the three types of attack activities used by Gamaredon, we found that the organization significantly intensified the frequency of attacks after July, and the attack trends showed the following two aspects:<\/p>\n\n\n\n