
Gamaredon Intensifies Cyber Attacks on Ukraine with New Malware Techniques

Aggregated by BrevFeed security · updated 1d ago

Gamaredon, a Russian APT group, has expanded its cyber attacks against Ukraine with new malware and tactics throughout 2025. The group has conducted 35 spear-phishing campaigns aimed at Ukrainian governmental and military institutions, focusing on exfiltrating sensitive data that could serve Russian interests in the ongoing conflict.

Key points

Overview of Gamaredon's Activities

Gamaredon has intensified its cyber operations against Ukraine in 2025. ESET, a Slovakian cybersecurity firm, reported observing 35 distinct spear-phishing campaigns primarily targeting Ukrainian governmental and military organizations. These efforts are believed to support Russian interests amid the ongoing war.

New Malware and Techniques

The recent campaigns use several techniques, including HTML smuggling through archive attachments and XHTML files. Malicious HTA downloaders are deployed to drop additional payloads such as PteroSand, while some attacks exploit the patched WinRAR vulnerability (CVE-2025-8088) to achieve persistence.

Increased Use of Third-Party Services

In 2025, Gamaredon has shifted to relying more on third-party services for its operations. This includes using tunnel services and serverless platforms, which help conceal its actual back-end infrastructure, making detection and mitigation more challenging for defenders.

Introduction of New Malware Tools

The group has added six new PowerShell tools to its custom malware arsenal, enhancing its capabilities. Tools like PteroDee and PteroCache focus on fetching and executing PowerShell payloads in memory, while PteroDum specializes in VBScript payloads.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors — check the original sources.
