8 New Malware Payloads Spotted As Part of Attacks Against Ukrainian Targets

Threat researchers at Symantec have published details about malware deployed by the “Gamaredon” threat group (which has been tied to the Russian Federal Security Service), responsible for attacks against Ukrainian targets since 2013.

Keeping an eye on new malware helps us understand how the threat landscape is changing as attackers modify their tactics. A new report from Symantec’s Threat Hunter team details eight specific pieces of malware it has found, including the methods used to infect the targeted endpoints.

The full report is worth a read, but the overarching theme across all eight is a heavy reliance on VBScript, payloads dropped in stages, and files staged in the %TEMP%, %PUBLIC%, and %USERPROFILE% folders.
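Those three folders and the use of VBScript give defenders something concrete to hunt for. The script below is an added example for this post, not code from Symantec’s report or from KnowBe4: it sweeps the staging folders the post names for recently written script files, and checks the usual Windows Script Host persistence points (Run keys, scheduled tasks, running wscript.exe/cscript.exe processes) for commands that reference those folders. The file extensions, the 14-day lookback, and the persistence locations are assumptions chosen for the example; the post itself only says “VB scripts” and names the three folders.

```powershell
# Added hunting script (example for this post; not from Symantec's report).
# Read-only: it only enumerates files, registry values, tasks and processes.
# Run in an elevated PowerShell to read HKLM and all users' folders.

# The three staging folders named in the post.
$StagingRoots = @($env:TEMP, $env:PUBLIC, $env:USERPROFILE)

# Assumption: the post says "VB scripts"; other Windows Script Host
# extensions are included so a renamed dropper is not missed.
$ScriptExtensions = @('*.vbs', '*.vbe', '*.wsf', '*.js', '*.jse')

# Assumption: only files written in the last 14 days are reported.
$Since = (Get-Date).AddDays(-14)

# Regex that flags a command line launching the script host, naming a script
# file, or pointing at one of the staging folders (literal or via %VAR%).
$EscapedRoots = ($StagingRoots | ForEach-Object { [regex]::Escape($_) }) -join '|'
$Pattern = "(?i)(wscript|cscript|\.vbs\b|\.vbe\b|\.wsf\b|%TEMP%|%PUBLIC%|%USERPROFILE%|$EscapedRoots)"

function Get-StagedScriptFiles {
    foreach ($root in $StagingRoots) {
        Get-ChildItem -Path $root -Include $ScriptExtensions -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $Since } |
            Select-Object FullName, Length, LastWriteTime
    }
}

function Get-SuspiciousRunKeys {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds.
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' -and "$($_.Value)" -match $Pattern } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

function Get-SuspiciousScheduledTasks {
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute/Arguments; the string is then empty.
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmd -and $cmd -match $Pattern) {
                [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Command = $cmd }
            }
        }
    }
}

function Get-RunningScriptHosts {
    Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe'" |
        Select-Object ProcessId, ParentProcessId, CommandLine
}

Write-Host "== Script files written since $Since in staging folders =="
Get-StagedScriptFiles | Format-Table -AutoSize

Write-Host "== Run/RunOnce values referencing WSH or staging folders =="
Get-SuspiciousRunKeys | Format-Table -AutoSize

Write-Host "== Scheduled tasks referencing WSH or staging folders =="
Get-SuspiciousScheduledTasks | Format-Table -AutoSize

Write-Host "== Running wscript.exe / cscript.exe processes =="
Get-RunningScriptHosts | Format-Table -AutoSize
```

A hit is a lead, not a verdict: legitimate software does occasionally drop scripts in %TEMP%, so review the file contents and the parent process before acting. Note that $env:USERPROFILE resolves to the current user only; to cover every profile on a shared machine, enumerate C:\Users\* instead.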

What makes this news so important is that we’re not seeing just one payload; a single group is fielding eight different pieces of malware, and not just testing them but actually using them against live targets. That means each one has already passed muster in the attackers’ own testing, and each is dangerous in its own right.

The evolution of cybercrime to date has felt mostly linear in its growth. The “as a Service” model has seen crimeware grow at a much faster rate. But 8 pieces of malware at once? That feels a bit like exponential growth to me.

I hope we don’t see this kind of thing too often.

According to Symantec, all 8 start with a phishing email, which means your users have a real opportunity to stop these, and other malware, by simply recognizing the phishing attack for what it is. Security Awareness Training is the most effective way to ensure users remain on notice when interacting with email and the web.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!


