Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Shuckworm’s Escalating Attacks

June 15, 2023
Reading Time: 2 mins read
in Alerts

 

The Russian cyber espionage group known as Shuckworm has escalated its targeted attacks on Ukrainian entities, with the aim of stealing sensitive information from compromised systems. Symantec’s latest report reveals that the recent intrusions, which began in February/March 2023, primarily targeted security services, military organizations, and government entities.

In some instances, the Russian group managed to maintain prolonged access to the compromised environments, with intrusions lasting up to three months. The attackers focused on accessing and stealing critical information, such as reports on the deaths of Ukrainian service members, enemy engagements, air strikes, arsenal inventories, and training reports.

Shuckworm, also known by various other names such as Aqua Blizzard, Gamaredon, and Winterflounder, has been attributed to Russia’s Federal Security Service (FSB) and has been active since at least 2013. The group employs spear-phishing campaigns to lure victims into opening malicious attachments, leading to the deployment of information stealers like Giddome, Pterodo, GammaLoad, and GammaSteel on infected systems. Secureworks notes that Shuckworm prioritizes high-tempo operations over operational security, which makes its infrastructure identifiable through the regular use of specific Dynamic DNS providers, Russian hosting providers, and remote template injection techniques.

Symantec’s report highlights the latest set of attacks conducted by Shuckworm, revealing that the threat actors have adopted a new PowerShell script to propagate the Pterodo backdoor via USB drives. The grohttps://staging.cybermaterial.com/russian-state-hackers-attack-ukrainian-entities/up has expanded its techniques by utilizing Telegram channels to retrieve IP addresses of servers hosting payloads, and it has also started storing command-and-control (C2) addresses on Telegraph, a blogging platform owned by Telegram. Furthermore, Shuckworm employs a PowerShell script called “foto.safe” that spreads through compromised USB drivers and has the capability to download additional malware onto compromised hosts.

The persistent targeting of Ukrainian entities by Shuckworm demonstrates the group’s unrelenting focus on Ukraine and its ongoing efforts to gather data that may aid their military operations. These findings align with recent revelations by Microsoft regarding destructive attacks, espionage, and information operations conducted by another Russian nation-state actor known as Cadet Blizzard, further indicating the continuous threat posed by Russian-backed cyber attack groups in Ukraine

Reference:
  • Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine
Tags: Aqua BlizzardCyber AlertCyber Alerts 2023espionageGamaredonJune 2023RussiaShuckwormUkraineWinterflounder
ADVERTISEMENT

Related Posts

Hackers Use Leaked Shellter License Malware

Windows BitLocker Vulnerability Flaw

July 9, 2025
Hackers Use Leaked Shellter License Malware

Hackers Use Leaked Shellter License Malware

July 9, 2025
Hackers Use Leaked Shellter License Malware

Anatsa Android Trojan Targets 90K Users

July 9, 2025
AMOS Mac Stealer Adds Persistent Backdoor

AMOS Mac Stealer Adds Persistent Backdoor

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

NordDragonScan Malware Steals Windows Data

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

New Ransomware BERT Targets ESXi Systems

July 8, 2025

Latest Alerts

Windows BitLocker Vulnerability Flaw

Anatsa Android Trojan Targets 90K Users

Hackers Use Leaked Shellter License Malware

New Ransomware BERT Targets ESXi Systems

NordDragonScan Malware Steals Windows Data

AMOS Mac Stealer Adds Persistent Backdoor

Subscribe to our newsletter

    Latest Incidents

    Credit Reports Breached And Sold On Dark Web

    Recruiting Software Exposed 26M Resumes

    Norwegian Municipalities Hit by Data Breach

    French Chip Firm Semco Hacked During IPO

    Louis Vuitton Korea Hit By Cyberattack

    Virginia School District Hit By Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial