URL: https://blog.checkpoint.com/research/decrypting-danger-check-point-research-deep-dive-into-cyber-espionage-tactics-by-russia...
Research | November 17, 2023


DECRYPTING DANGER: CHECK POINT RESEARCH DEEP-DIVE INTO CYBER ESPIONAGE TACTICS
BY RUSSIAN-ORIGIN ATTACKERS TARGETING UKRAINIAN ENTITIES

By Check Point Research

HIGHLIGHTS:

 * GAMAREDON, A DISTINCT APT PLAYER IN RUSSIAN ESPIONAGE, STANDS OUT FOR ITS
   LARGE-SCALE CAMPAIGNS PRIMARILY TARGETING UKRAINIAN ENTITIES.

 * THE USB WORM, LITTERDRIFTER, REVEALS A GLOBAL IMPACT WITH POTENTIAL
   INFECTIONS IN COUNTRIES LIKE THE USA, VIETNAM, CHILE, POLAND, GERMANY, AND
   HONG KONG, EXPANDING BEYOND ITS ORIGINAL TARGETS.

 * RECENTLY DEPLOYED BY GAMAREDON, LITTERDRIFTER IS A VBS-WRITTEN WORM DESIGNED
   TO SPREAD THROUGH USB DRIVES, DEMONSTRATING THE GROUP’S EVOLVING TACTICS IN
   MAINTAINING A FLEXIBLE AND VOLATILE INFRASTRUCTURE.

KEY FINDINGS ON LITTERDRIFTER:

LitterDrifter, Gamaredon's latest tool in its cyber arsenal, is a worm written
in VBScript with two functions.

Its primary objectives are automatic spreading over USB drives and
establishing communication with a flexible set of command-and-control servers.
This design aligns with Gamaredon's overarching goals, allowing the group to
maintain persistent access to its targets.
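A detection heuristic for the USB-spreading behaviour described above, added here as an example; it is not Check Point Research's code and uses no LitterDrifter indicator from the report. It reads process-creation events in a constructed, Sysmon-like JSON shape and flags a Windows Script Host (wscript.exe or cscript.exe) launching a .vbs/.vbe file from a drive other than the system drive, which is where a script carried in on a USB stick would run from. The field names, the system-drive letter and the sample events are all assumptions made for the example.

```python
"""Triage of process-creation events for VBScript run from a non-system drive.

Added example, not Check Point Research code. The JSON field names mimic
Sysmon Event ID 1 (Image, CommandLine, ParentImage) but are an assumption,
as is SYSTEM_DRIVE; the sample events at the bottom are constructed.
"""
import json
import re

SYSTEM_DRIVE = "C:"                              # assumption: the OS volume
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}    # Windows Script Host binaries
SCRIPT_PATH_RE = re.compile(r"[A-Za-z]:\\.*\.(?:vbs|vbe)$", re.IGNORECASE)


def command_tokens(cmd):
    """Split a Windows command line into arguments, keeping quoted paths
    (which may contain spaces) intact, then splitting the unquoted rest."""
    quoted = re.findall(r'"([^"]*)"', cmd)
    rest = re.sub(r'"[^"]*"', " ", cmd)
    return quoted + rest.split()


def triage_event(event):
    """Return a finding for a script-host launch of a .vbs/.vbe that lives on a
    drive other than SYSTEM_DRIVE, or None if the event is not of interest."""
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if image not in SCRIPT_HOSTS:
        return None
    scripts = [
        tok for tok in command_tokens(event.get("CommandLine", ""))
        if SCRIPT_PATH_RE.match(tok) and tok[:2].upper() != SYSTEM_DRIVE
    ]
    if not scripts:
        return None
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    return {
        "host": event.get("Computer"),
        "user": event.get("User"),
        "script": scripts[0],
        "drive": scripts[0][:2].upper(),
        "parent": parent,
        # A script host spawned by explorer.exe is consistent with a user
        # double-clicking a file or shortcut, the usual USB-worm lure.
        "via_explorer": parent == "explorer.exe",
    }


def triage_log(lines):
    """Run triage_event over newline-delimited JSON; skip blank/bad lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        finding = triage_event(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "User": "CORP\\alice",
     "Image": "C:\\Windows\\System32\\wscript.exe",
     "CommandLine": '"C:\\Windows\\System32\\wscript.exe" "E:\\docs\\report.vbs"',
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "Computer": "WS01", "User": "CORP\\bob",
     "Image": "C:\\Windows\\System32\\cscript.exe",
     "CommandLine": "cscript.exe C:\\Users\\bob\\scripts\\login.vbs",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 1, "Computer": "WS02", "User": "CORP\\carol",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe E:\\docs\\report.vbs",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "Computer": "WS03", "User": "CORP\\dave",
     "Image": "C:\\Windows\\SysWOW64\\wscript.exe",
     "CommandLine": 'wscript.exe "D:\\Backup Files\\photos.vbs"',
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES):
        print(f)
```

The drive-letter test alone is a coarse signal: a mapped network share or a second fixed disk will also trip it, so in practice the finding should be correlated with a removable-volume mount event for that drive letter on the same host before it is raised as an alert.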

USB WORM’S GLOBAL REACH:

While Gamaredon primarily targets Ukrainian entities, the nature of the
LitterDrifter worm introduces a global element to its operations. Indications of
possible infections have been observed in countries such as the USA, Vietnam,
Chile, Poland, Germany, and even Hong Kong. This suggests that, like other USB
worms, LitterDrifter may have spread beyond its originally intended targets,
posing a broader threat to cybersecurity worldwide.



Figure: Distribution of victims per country

BACKGROUND:

In the ever-evolving landscape of cybersecurity threats, certain adversaries
stand out for their audacity and persistence. Gamaredon, also known as Primitive
Bear, ACTINIUM, and Shuckworm, is a prominent player in the realm of Russian
espionage, with a unique focus on Ukrainian entities. While many Russian cyber
espionage groups operate in the shadows, Gamaredon is notably conspicuous in its
large-scale campaigns, leaving a trail that cybersecurity researchers are keen
to dissect. In this blog post, we turn our attention to one of Gamaredon’s tools
– the notorious USB-propagating worm, LitterDrifter.

GAMAREDON’S AFFILIATION:

Gamaredon distinguishes itself by targeting a wide array of Ukrainian entities,
showing a relentless commitment to its espionage goals. The Security Service of
Ukraine (SSU), the country's main law enforcement, counter-intelligence and
security agency, has identified Gamaredon personnel as officers of the Russian
Federal Security Service (FSB), Russia's internal security and
counterintelligence service responsible for counterintelligence, antiterrorism,
and surveillance of the military. This attribution adds a geopolitical
dimension to the group's activities.

UNVEILING THE C2 INFRASTRUCTURE:

In our extensive analysis, we delve into Gamaredon’s command-and-control
infrastructure, highlighting its extreme flexibility and volatility. Despite
these dynamic characteristics, the infrastructure maintains previously reported
patterns and characteristics, indicating a certain level of consistency in
Gamaredon’s approach.

CONCLUSION:

As cybersecurity experts continue to unravel the complexities of state-sponsored
cyber espionage, Gamaredon remains a focal point of scrutiny. The LitterDrifter
worm serves as a testament to the group’s adaptability and innovation,
showcasing the constant evolution of cyber threats. Understanding and dissecting
such malware is crucial in fortifying global cybersecurity defenses against
increasingly sophisticated adversaries.

CHECK POINT CUSTOMERS REMAIN PROTECTED

Check Point customers remain protected against the attacks detailed in this
report while using Check Point Harmony Endpoint. When using Check Point to
secure your business, you gain accurate prevention against the most advanced
attacks through the power of ThreatCloud AI, the brain behind all of Check
Point's products.

For further information, read the detailed post on the Check Point Research
blog.

YOU DESERVE THE BEST SECURITY™ ©1994-2023 Check Point Software Technologies Ltd.
All rights reserved.