Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Shuckworm’s Escalating Attacks

June 15, 2023
Reading Time: 2 mins read
in Alerts

 

The Russian cyber espionage group known as Shuckworm has escalated its targeted attacks on Ukrainian entities, with the aim of stealing sensitive information from compromised systems. Symantec’s latest report reveals that the recent intrusions, which began in February/March 2023, primarily targeted security services, military organizations, and government entities.

In some instances, the Russian group managed to maintain prolonged access to the compromised environments, with intrusions lasting up to three months. The attackers focused on accessing and stealing critical information, such as reports on the deaths of Ukrainian service members, enemy engagements, air strikes, arsenal inventories, and training reports.

Shuckworm, also known by various other names such as Aqua Blizzard, Gamaredon, and Winterflounder, has been attributed to Russia’s Federal Security Service (FSB) and has been active since at least 2013. The group employs spear-phishing campaigns to lure victims into opening malicious attachments, leading to the deployment of information stealers like Giddome, Pterodo, GammaLoad, and GammaSteel on infected systems. Secureworks notes that Shuckworm prioritizes high-tempo operations over operational security, which makes its infrastructure identifiable through the regular use of specific Dynamic DNS providers, Russian hosting providers, and remote template injection techniques.

Symantec’s report highlights the latest set of attacks conducted by Shuckworm, revealing that the threat actors have adopted a new PowerShell script to propagate the Pterodo backdoor via USB drives. The grohttps://staging.cybermaterial.com/russian-state-hackers-attack-ukrainian-entities/up has expanded its techniques by utilizing Telegram channels to retrieve IP addresses of servers hosting payloads, and it has also started storing command-and-control (C2) addresses on Telegraph, a blogging platform owned by Telegram. Furthermore, Shuckworm employs a PowerShell script called “foto.safe” that spreads through compromised USB drivers and has the capability to download additional malware onto compromised hosts.

The persistent targeting of Ukrainian entities by Shuckworm demonstrates the group’s unrelenting focus on Ukraine and its ongoing efforts to gather data that may aid their military operations. These findings align with recent revelations by Microsoft regarding destructive attacks, espionage, and information operations conducted by another Russian nation-state actor known as Cadet Blizzard, further indicating the continuous threat posed by Russian-backed cyber attack groups in Ukraine

Reference:
  • Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine
Tags: Aqua BlizzardCyber AlertCyber Alerts 2023espionageGamaredonJune 2023RussiaShuckwormUkraineWinterflounder
ADVERTISEMENT

Related Posts

TikTok Videos Spread Vidar StealC Malware

TikTok Videos Spread Vidar StealC Malware

May 23, 2025
TikTok Videos Spread Vidar StealC Malware

New ZeroCrumb Malware Steals Browser Cookies

May 23, 2025
TikTok Videos Spread Vidar StealC Malware

CISA Commvault ZeroDay Flaw Risks Secrets

May 23, 2025
GitLab Patch Stops Service Disruption Risks

Function Confusion Hits Serverless Clouds

May 22, 2025
GitLab Patch Stops Service Disruption Risks

3AM Ransomware Email Bomb and Vishing Threat

May 22, 2025
GitLab Patch Stops Service Disruption Risks

GitLab Patch Stops Service Disruption Risks

May 22, 2025

Latest Alerts

New ZeroCrumb Malware Steals Browser Cookies

TikTok Videos Spread Vidar StealC Malware

CISA Commvault ZeroDay Flaw Risks Secrets

GitLab Patch Stops Service Disruption Risks

3AM Ransomware Email Bomb and Vishing Threat

Function Confusion Hits Serverless Clouds

Subscribe to our newsletter

    Latest Incidents

    Cetus Crypto Exchange Hacked For $223M

    MCP Data Breach Hits 235K NC Lab Patients

    UFCW Data Breach Risks Social Security Data

    Cyberattack Paralyzes French Hauts de Seine

    Santa Fe City Loses $324K In Hacker Scam

    Belgium Housing Hit by Ransomware Attack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial