    Russian Threat Actor Launches Spear-Phishing Campaign Against Ukrainians

    The Russian threat actor Gamaredon is targeting Ukrainians with spear-phishing documents related to troop movements, according to researchers at Cisco Talos.

    “The invasion of Ukraine is a common theme used by the Gamaredon group in their phishing campaigns and this campaign continues the use of this technique,” the researchers write.

    “The actor distributes LNK files compressed inside ZIP archives, usually disguising the file as an Office document and using names that are related to the invasion.

    “Although Talos was not able to pinpoint the exact method by which these files are distributed, it is likely that Gamaredon continues to send phishing emails with either the ZIP file directly attached to it or containing a URL link to download the file from a remote host.”

    Once opened, the files will install the Remcos malware in the background. The themes are designed to trick users into opening the document quickly without stopping to think.

    “The translation for these names shows the intent of this campaign in using a war-related theme,” Talos explains. “We can see some of the files use names of Russian or Ukrainian agents, as well as names alluding to troop movements in the region of conflict. These files contain metadata indicating only two machines were used in creating the malicious shortcut files.

    “As we mentioned in a previous blog, Gamaredon tends to use a short list of machines when creating the LNK files for their campaigns and the ones used in this campaign were previously seen by Talos in incidents related to this threat group. The LNK files contain PowerShell code used to download and execute the next stage payload, as well as a decoy file which is shown to the user after the infection occurs as a way to disguise the compromise.”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Cisco Talos has the story.
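
A defensive check for the delivery pattern described above (a shortcut inside a ZIP archive, named like an Office document), written for this page as an added example and not code from Talos or the original post. The function names, the 1 MiB read limit and the sample archive with its machine name `desktop-example` are constructed for illustration; the header bytes and tracker-block layout follow Microsoft's MS-SHLLINK specification, and reading the creating machine from that block is an assumption about which metadata is meant.

```python
import io
import re
import zipfile

# First 20 bytes of every Shell Link file: HeaderSize 0x4C + LinkCLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# TrackerDataBlock header: BlockSize 0x60, signature 0xA0000003, Length 0x58, Version 0.
TRACKER_HDR = bytes.fromhex("60000000030000a05800000000000000")
# Office-looking extension anywhere in the entry name, e.g. "report.docx.lnk".
OFFICE_HINT = re.compile(r"\.(docx?|xlsx?|pptx?|rtf)\b", re.I)


def lnk_machine_id(data):
    """Return the NetBIOS name of the machine that created the shortcut, if recorded."""
    pos = data.find(TRACKER_HDR)
    if pos < 0:
        return None
    raw = data[pos + 16:pos + 32].split(b"\x00", 1)[0]  # 16-byte, NUL-padded field
    return raw.decode("ascii", "replace") or None


def scan_zip(blob, max_entry=1 << 20):
    """Inspect a ZIP attachment and return one finding per embedded shortcut file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.flag_bits & 0x1:  # skip directories and encrypted entries
                continue
            with zf.open(info) as fh:
                data = fh.read(max_entry)              # bounded read guards against zip bombs
            if not data.startswith(LNK_MAGIC):         # identify by content, not by extension
                continue
            findings.append({
                "name": info.filename,
                "office_disguise": bool(OFFICE_HINT.search(info.filename)),
                "machine_id": lnk_machine_id(data),
            })
    return findings


def build_sample():
    """Constructed input: a ZIP holding a minimal fake shortcut and a benign text file."""
    lnk = LNK_MAGIC.ljust(76, b"\x00") + TRACKER_HDR + b"desktop-example".ljust(16, b"\x00") + bytes(64)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("movement_report.docx.lnk", lnk)
        zf.writestr("readme.txt", "benign")
    return buf.getvalue()
```

Grouping findings by `machine_id` across quarantined attachments shows when many lures come from the same small set of build hosts.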


    Comprehensive Anti-Phishing Guide

    Spear phishing emails remain a top attack vector for cybercriminals, yet most companies still don’t have an effective strategy to stop them. Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will cover techniques you can implement now to minimize cybersecurity risk due to phishing and social engineering attacks.

    Strategies include:

    • Developing a comprehensive, defense-in-depth plan
    • Technical controls all organizations should consider
    • Gotchas to watch out for with cybersecurity insurance
    • Benefits of implementing new-school security awareness training
    • Best practices for creating and implementing security policies