Throughout 2024, Gamaredon focused exclusively on targeting Ukrainian governmental institutions with spearphishing campaigns and weaponized USB drives. The group developed six new tools and significantly updated existing ones, improving stealth and evasion capabilities. Gamaredon increased the scale of its spearphishing campaigns, especially in the second half of the year. The group also made efforts to bypass network-based blocking, hiding most of its command and control infrastructure behind Cloudflare tunnels. Notable updates include enhancements to PteroLNK for weaponizing network drives, improvements in file exfiltration techniques, and the introduction of new downloaders. Despite these advancements, Gamaredon showed signs of operational limitations, occasionally abandoning or infrequently updating certain tools.

Author: AlienVault
Related Tags:
PteroPSDoor
PteroVDoor
PteroSig
PteroLNK
PteroPSLoad
PteroBox
PteroStew
PteroQuark
PteroGraphin
Associated Indicators:


