8 New Malware Payloads Spotted As Part of Attacks Against Ukrainian Targets

Stu Sjouwerman | Feb 1, 2022

8 New Malware Payloads SpottedSecurity Threat Researchers at Symantec have published details about malware being put out by the “Gamaredon” threat group (who have been tied to Russian Federal Security Service), responsible for attacks in the Ukraine since 2013.

Keeping an eye on new malware can help us understand how the attack surface is changing based on how cybercriminals are modifying their tactics. A new report from Symantec’s Threat Hunter team showcases eight specific pieces of malware they’ve found, including the methods used to infect their target victim endpoints.

While worth a read, the overarching activity theming involves the heavy reliance on VB scripts, dropping staged payloads, and hosting files in the %TEMP%, %PUBLIC%, and %USERPROFILE% folders.

What makes this news so important is that we’re not just seeing one method of infection; we have a single cybercriminal group using eight different methods of attack – and not just testing them; but actually using them in the field. That means they’ve passed muster in testing and are equally dangerous.

The evolution of cybercrime to date has felt mostly linear in its growth. The “as a Service” model has seen crimeware grow at a much faster rate. But 8 pieces of malware at once? That feels a bit like exponential growth to me.

I hope we don’t see this kind of thing too often.

According to Symantec, all 8 start with a phishing attack – which means there’s a strong opportunity for your users to stop these and any other forms of malware by simply seeing the phishing attack for what it is. Security Awareness Training is the most effective way to ensure users remain on notice when interacting with email and the web.

Topics: Malware

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.