Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Shuckworm’s Escalating Attacks

June 15, 2023
Reading Time: 2 mins read
in Alerts

 

The Russian cyber espionage group known as Shuckworm has escalated its targeted attacks on Ukrainian entities, with the aim of stealing sensitive information from compromised systems. Symantec’s latest report reveals that the recent intrusions, which began in February/March 2023, primarily targeted security services, military organizations, and government entities.

In some instances, the Russian group managed to maintain prolonged access to the compromised environments, with intrusions lasting up to three months. The attackers focused on accessing and stealing critical information, such as reports on the deaths of Ukrainian service members, enemy engagements, air strikes, arsenal inventories, and training reports.

Shuckworm, also known by various other names such as Aqua Blizzard, Gamaredon, and Winterflounder, has been attributed to Russia’s Federal Security Service (FSB) and has been active since at least 2013. The group employs spear-phishing campaigns to lure victims into opening malicious attachments, leading to the deployment of information stealers like Giddome, Pterodo, GammaLoad, and GammaSteel on infected systems. Secureworks notes that Shuckworm prioritizes high-tempo operations over operational security, which makes its infrastructure identifiable through the regular use of specific Dynamic DNS providers, Russian hosting providers, and remote template injection techniques.

Symantec’s report highlights the latest set of attacks conducted by Shuckworm, revealing that the threat actors have adopted a new PowerShell script to propagate the Pterodo backdoor via USB drives. The grohttps://staging.cybermaterial.com/russian-state-hackers-attack-ukrainian-entities/up has expanded its techniques by utilizing Telegram channels to retrieve IP addresses of servers hosting payloads, and it has also started storing command-and-control (C2) addresses on Telegraph, a blogging platform owned by Telegram. Furthermore, Shuckworm employs a PowerShell script called “foto.safe” that spreads through compromised USB drivers and has the capability to download additional malware onto compromised hosts.

The persistent targeting of Ukrainian entities by Shuckworm demonstrates the group’s unrelenting focus on Ukraine and its ongoing efforts to gather data that may aid their military operations. These findings align with recent revelations by Microsoft regarding destructive attacks, espionage, and information operations conducted by another Russian nation-state actor known as Cadet Blizzard, further indicating the continuous threat posed by Russian-backed cyber attack groups in Ukraine

Reference:
  • Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine
Tags: Aqua BlizzardCyber AlertCyber Alerts 2023espionageGamaredonJune 2023RussiaShuckwormUkraineWinterflounder
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial