The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia’s Ministry of Defense, the ministry told The Record on Friday.
Hackers sent malicious emails to several employees of the ministry, pretending to be Ukrainian government officials. The attempted cyberattack was unsuccessful, the ministry added.
A sample of the malicious email was first shared on Twitter by French cybersecurity company Sekoia.io this week.
The company obtained it from VirusTotal, a Google-owned service that analyzes suspicious files, where one of the targeted users may have downloaded it to verify its sender, according to Sekoia threat intelligence researcher Felix Aime.
Researchers attributed this phishing campaign to Gamaredon because the hackers used the same domain (admou[.]org) as in previous cyberattacks, Aime said. Earlier in December, the cybersecurity company Unit 42 also linked this domain to Gamaredon.