Russian government-linked hacking group turns a more malicious info stealer against Ukraine
A hacking group linked to the Russian government has been observed using a previously unseen information stealer to exfiltrate data from Ukrainian victims, according to a report from Cisco.
Asheer Malhotra and Guilherme Venere, security researchers with Cisco Talos, told The Record that they identified the information-stealing campaign in August. It involves custom-made malware designed to steal specific data and cause additional problems for infected devices. The researchers attribute the campaign to a group named Gamaredon, which is linked to the Russian Federal Security Service and has a long history of cyberattacks against Ukraine.
This info stealer differs from the ones Gamaredon has used previously, the researchers say. “We suspect it may be a component of Gamaredon’s ‘Giddome’ backdoor family, but we are unable to confirm that at this time.”
The malware is typically spread through malicious LNK files attached to phishing emails related to the war in Ukraine. The malicious LNK files are delivered inside RAR archives and are typically the only files in the archive.
The names of the LNK files and Microsoft Office documents reference the Russian invasion of Ukraine.
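The delivery pattern described above (a RAR attachment whose only content is a Windows shortcut) is something a mail gateway or sandbox can check for directly. The following is an added example written for this page, not code from Cisco Talos or from the article: it takes a constructed listing of archive members, of the kind produced after unpacking an attachment, and flags archives that consist solely of .lnk files. It goes slightly beyond the article by also noting shortcuts that carry a document-like double extension (for example "report.docx.lnk"), a common disguise for LNK lures; the sample archive names and member names are constructed.

```python
"""Triage archive listings for the LNK-in-RAR phishing delivery pattern.

Added example, not from the Cisco Talos report or the article. Input is a
constructed listing of archive members (name and uncompressed size) such as
a gateway or sandbox would produce after unpacking an email attachment.
"""
from dataclasses import dataclass
from typing import Dict, List
import os


@dataclass
class Member:
    name: str  # path of the member inside the archive
    size: int  # uncompressed size in bytes


def is_shortcut(name: str) -> bool:
    """True for Windows shortcut files, matched by extension."""
    return name.lower().endswith(".lnk")


def has_double_extension(name: str) -> bool:
    """True for shortcuts such as 'report.docx.lnk' that mimic a document."""
    stem = os.path.basename(name)[:-4]  # strip the trailing '.lnk'
    return "." in stem


def assess_archive(archive_name: str, members: List[Member]) -> Dict[str, object]:
    """Rate one archive against the pattern: RAR whose only content is LNK.

    risk is 'high' when every member is a shortcut (the pattern in the
    report), 'medium' when a shortcut is present among other files, and
    'low' when no shortcut is present at all.
    """
    lnk_members = [m.name for m in members if is_shortcut(m.name)]
    lnk_only = bool(members) and len(lnk_members) == len(members)
    if lnk_only:
        risk = "high"
    elif lnk_members:
        risk = "medium"
    else:
        risk = "low"
    return {
        "archive": archive_name,
        "is_rar": archive_name.lower().endswith(".rar"),
        "member_count": len(members),
        "lnk_members": lnk_members,
        "lnk_only": lnk_only,
        "disguised_extension": [n for n in lnk_members if has_double_extension(n)],
        "risk": risk,
    }


def triage_all(samples: Dict[str, List[Member]]) -> Dict[str, str]:
    """Return archive name -> risk for a batch of listings."""
    return {name: str(assess_archive(name, members)["risk"]) for name, members in samples.items()}


# Constructed sample listings (hypothetical attachments, not real indicators).
SAMPLES: Dict[str, List[Member]] = {
    "report.rar": [Member("report.lnk", 2048)],                       # single LNK in a RAR
    "invoice.rar": [Member("invoice.pdf", 51000)],                    # benign-looking document
    "bundle.zip": [Member("readme.txt", 300), Member("setup.docx.lnk", 1800)],
}

if __name__ == "__main__":
    for archive_name, members in SAMPLES.items():
        result = assess_archive(archive_name, members)
        print(f"{archive_name}: risk={result['risk']} lnk={result['lnk_members']} "
              f"disguised={result['disguised_extension']}")
```

In practice the member listing would come from the unpacking step of the gateway or sandbox; the "high" verdict here corresponds exactly to the article's description of an archive whose only file is a shortcut, while "medium" surfaces shortcuts bundled with decoy files for analyst review.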