While using the InQuest Labs platform, we recently found an exciting attack targeting victims with a malicious document masquerading as a Ukrainian military payroll document. The attack chain uses a remote template and is geofenced so that only victims within the Ukrainian network are served and infected. This campaign has been attributed to Russia’s Gamaredon APT group.
Gamaredon is an advanced persistent threat (APT) group that has been active since 2013. Their campaigns are generally known for targeting Ukrainian government institutions. From late 2019 to February of this year, researchers published several reports on Gamaredon, tracking the group’s activities. InQuest previously wrote about their activity in the GlowSpark report.