Russian hackers have been accused of attempted phishing attacks against the Latvian Ministry of Defense.
Gamaredon, a Russian government-backed cyber espionage group, used a domain name (admou[.]org) that was previously linked to the gang's earlier attacks, which were designed to steal information and gain access to networks operated by Ukraine and its allies.
A researcher at French security company Sekoia explained that the hackers allegedly sent spear-phishing emails to the Latvian Ministry of Defense, posing as officials from the Ukrainian Ministry of Defense.
Since the message was uploaded to the VirusTotal service for scanning, it appears that at least one recipient was suspicious of the message and its attachments.
Smuggled within the email attachment was malicious code that launched a series of processes designed to help the hackers steal information from their intended targets within the Latvian Ministry of Defense.
As The Record explains, what made investigating the attack unusual is that once the Gamaredon hacking group realized the attack was being investigated, it began contacting researchers.
A CERT-LV spokesperson told The Record that the hackers sent a meme depicting a Russian bear stretching its paws toward Ukraine while the US and EU tried to contain it.
FSB-affiliated Gamaredon (also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder) has been attacking organizations outside of Russia for at least a decade.
For example, last year Gamaredon hackers hacked an oil refinery based in a NATO member state and targeted Ukrainian military and government entities with booby-trapped Word documents.
The Latvian Ministry of Defense said the phishing attempt by the Gamaredon group was unsuccessful.
According to Latvia’s Computer Emergency Response Team (CERT-LV), cyberattacks in the country have increased by 30% since the start of the war in Ukraine, with pro-Russian hacktivists and Kremlin-backed hackers being the most serious threats. They target critical infrastructure, enterprises, and the Latvian government.