Gamaredon Group

The Gamaredon Group is an APT (Advanced Persistent Threat) that some speculate originates from Russia, although this has yet to be confirmed. The Gamaredon Group was first spotted back in 2013. The group goes after Ukrainian targets mostly, which often tend to be high-ranking officials. Its preferred propagation method is phishing email campaigns, and the Gamaredon Group uses various social engineering techniques to make the emails seem as legitimate as possible. The phishing emails often carry an attached file tailored to look like an important document that needs immediate reviewing. This APT is known to use both hacking tools it has developed itself and threats that are available for purchase online. Furthermore, the Gamaredon Group also has been spotted weaponizing genuine applications and deploying them in its harmful campaigns.

The Pteranodon Backdoor Trojan

The Pteranodon backdoor Trojan is part of the Gamaredon Group's arsenal of hacking tools. This Trojan is known to be a well-developed threat that can cause a lot of damage. The Pteranodon backdoor Trojan is used mainly for espionage-related operations, as it can collect data by taking screenshots of the victim's desktop. Through its backdoor feature, this threat also can be used to deploy additional malware on the infected host.

Uses Legitimate Applications in Harmful Campaigns

As we already mentioned, the Gamaredon Group is known for using legitimate software in its threatening operations. This began in 2014, when malware researchers detected that the Gamaredon Group was spreading a variant of the genuine remote access application known as RMS (Remote Manipulator System). Remaining faithful to its propagation methods, the Gamaredon Group used phishing emails as the infection vector in this campaign. The emails contained a macro-laced attachment that carried the payload of the tool. Over the years, using legitimate remote access software like RMS became another signature move of the Gamaredon Group.
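The infection chain described above (a phishing attachment whose macro ends up launching a legitimate remote access tool) is what a defender would want to spot in process telemetry. The following detector is an added example, not code from the original article or from the actors it describes; the RMS binary names and the log line format are assumptions.

```python
# Added example, not code from the original article or from the actors it describes:
# a detector that walks constructed process-creation events and flags the chain the
# page describes, an Office document opened from a phishing attachment whose macro
# ends up starting a legitimate remote-access tool such as RMS. Binary names are assumptions.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
REMOTE_ACCESS_TOOLS = {"rutserv.exe", "rfusclient.exe"}  # assumed RMS binary names

def parse_events(lines):
    """Parse constructed 'pid=... ppid=... image=...' lines into dicts keyed by pid."""
    events = {}
    for line in lines:
        fields = dict(part.split("=", 1) for part in line.split())
        pid = int(fields["pid"])
        events[pid] = {"pid": pid, "ppid": int(fields["ppid"]), "image": fields["image"].lower()}
    return events

def ancestry(event, events):
    """Yield ancestor image names, nearest parent first; stops on cycles or missing parents."""
    seen = set()
    cur = events.get(event["ppid"])
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield cur["image"]
        cur = events.get(cur["ppid"])

def find_office_to_rat(events):
    """Return (office_image, tool_image) pairs where a remote-access tool descends from an Office process."""
    hits = []
    for e in events.values():
        if e["image"] not in REMOTE_ACCESS_TOOLS:
            continue
        for anc in ancestry(e, events):
            if anc in OFFICE_APPS:
                hits.append((anc, e["image"]))
                break
    return hits

# Constructed sample: a Word macro launches cmd.exe, which starts the RMS service binary;
# a second RMS instance started directly from the desktop is benign and must not be flagged.
SAMPLE_LOG = [
    "pid=100 ppid=1 image=explorer.exe",
    "pid=200 ppid=100 image=WINWORD.EXE",
    "pid=300 ppid=200 image=cmd.exe",
    "pid=400 ppid=300 image=rutserv.exe",
    "pid=500 ppid=100 image=rutserv.exe",
]

if __name__ == "__main__":
    print(find_office_to_rat(parse_events(SAMPLE_LOG)))  # -> [('winword.exe', 'rutserv.exe')]
```

Walking the full ancestry rather than only the direct parent matters because the macro typically goes through an intermediate shell or script host before the tool starts.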

The Gamaredon Group is a patient bunch, and it makes sure to collect information over time, being careful not to raise any red flags and remaining under the radar of its victims.
