Gamaredon APT cyber feud strikes Ukrainian entities


Threat Level
Attack Report

For a detailed threat advisory, download the pdf file here

Summary

One of the most ubiquitous, intrusive, consistently active, and laser-focused APTs targeting Ukraine in cyberspace is the Gamaredon group, also known as Shuckworm. The group has employed fast flux DNS to improve the operational effectiveness of its infrastructure. Fast flux DNS rotates a domain through many IP addresses, using each only briefly, which makes IP-based blocklisting difficult. Threat actors frequently hijack legitimate services to query IP addresses, so that lookups for the malicious domains do not appear in DNS logs.
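A defender-side heuristic for the fast flux behaviour described above, as an added example that is not part of the advisory: it scans resolver logs for names that cycle through many addresses in a short window while serving short TTLs. The log format, the thresholds and the `.test` domains are constructed assumptions, not indicators from the report.

```python
from collections import defaultdict
from ipaddress import ip_address
from statistics import median

# Constructed resolver log: epoch_seconds qname answer_ip ttl (not real indicators)
SAMPLE_LOG = """\
1000 flux.example.test 192.0.2.10 60
1060 flux.example.test 198.51.100.7 60
1130 flux.example.test 203.0.113.44 60
1190 flux.example.test 192.0.2.200 60
1250 flux.example.test 198.51.100.91 60
1000 static.example.test 192.0.2.5 3600
1900 static.example.test 192.0.2.5 3600
1000 lb.example.test 203.0.113.1 30
1100 lb.example.test 203.0.113.2 30
"""

def parse(log):
    """Yield (ts, qname, ip, ttl) tuples; skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (int(parts[0]), parts[1].lower().rstrip("."),
                   ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def fast_flux_candidates(log, window_s=600, min_ips=4, max_ttl=300):
    """Return {qname: most distinct IPs seen in any window} for names that rotate
    through >= min_ips addresses within window_s while serving short TTLs."""
    by_name = defaultdict(list)
    for ts, qname, ip, ttl in parse(log):
        by_name[qname].append((ts, ip, ttl))
    hits = {}
    for qname, rows in by_name.items():
        rows.sort(key=lambda r: r[0])
        if median(r[2] for r in rows) > max_ttl:
            continue  # long TTLs: answers are not being churned
        best, start = 0, 0
        for end in range(len(rows)):
            # shrink the sliding window until it spans at most window_s seconds
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            best = max(best, len({r[1] for r in rows[start:end + 1]}))
        if best >= min_ips:
            hits[qname] = best
    return hits

if __name__ == "__main__":
    print(fast_flux_candidates(SAMPLE_LOG))
```

Content delivery networks and load balancers also rotate answers with short TTLs, so hits from a check like this are candidates for review rather than verdicts.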