
Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Throughout 2024, Gamaredon focused exclusively on targeting Ukrainian governmental institutions with spearphishing campaigns and weaponized USB drives. The group developed six new tools and significantly updated existing ones, improving stealth and evasion capabilities. Gamaredon increased the scale of its spearphishing campaigns, especially in the second half of the year. The group also made efforts to bypass network-based blocking, hiding most of its command and control infrastructure behind Cloudflare tunnels. Notable updates include enhancements to PteroLNK for weaponizing network drives, improvements in file exfiltration techniques, and the introduction of new downloaders. Despite these advancements, Gamaredon showed signs of operational limitations, occasionally abandoning or infrequently updating certain tools.

OPENCTI LABELS:

apt, powershell, spearphishing, cloudflare tunnels

