A long-running Russian state-backed hacking group appears to be behind an ongoing campaign designed to install a widely used surveillance tool on Ukrainian computers, researchers have found. The campaign, active since at least November 2024, is attributed with medium confidence to the Gamaredon group in a report by cybersecurity firm Cisco Talos. Also known as BlueAlpha, the group has been described as one of “the most engaged” Moscow-backed cyberthreat actors in the region. In its latest campaign, Gamaredon used phishing emails containing malicious files related to troop movements in Ukraine to infect victims. The invasion of Ukraine is a common theme in Gamaredon’s phishing campaigns, according to the researchers.
Latest gambit for Gamaredon: Fake Ukraine troop movement documents with malicious links (Daryna Antoniuk, The Record)