Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection. Learn to Stop Ransomware with Real-Time Protection In February 2022, the hacking group was connected to espionage attacks targeting government, military, non-government organizations (NGO), judiciary, law enforcement, and non-profit organizations with the main goal of exfiltrating sensitive information.Īrmageddon, also known by the moniker Gamaredon, is also believed to have singled out Latvian government officials as part of a related phishing attack towards the end of March 2022, employing war-themed RAR archives to deliver malware.
The emails come with an HTML file attachment ("War Criminals of the Russian Federation.htm"), opening which culminates in the download and execution of a PowerShell-based implant on the infected host.ĬERT-UA attributed the attack to Armageddon, a Russia-based threat actor with ties to the Federal Security Service (FSB) that has a history of striking Ukrainian entities since at least 2013. In another social engineering campaign observed by Ukraine's Computer Emergency Response Team (CERT-UA), war-related email lures were sent to Ukrainian government agencies to deploy a piece of espionage malware. The modus operandi mirrors that of an earlier phishing attack that was disclosed in early March that leveraged compromised inboxes belonging to different Indian entities to send phishing emails to users of Ukr.net to hijack the accounts.
0 kommentar(er)
