blog.checkpoint.com
https://blog.checkpoint.com/research/decrypting-danger-check-point-research-deep-dive-into-cyber-espionage-tactics-by-russia...
Submission: On November 20 via api from TR — Scanned from DE
Research, November 17, 2023

DECRYPTING DANGER: CHECK POINT RESEARCH DEEP-DIVE INTO CYBER ESPIONAGE TACTICS BY RUSSIAN-ORIGIN ATTACKERS TARGETING UKRAINIAN ENTITIES

By Check Point Research

HIGHLIGHTS:

* Gamaredon, a distinct APT player in Russian espionage, stands out for its large-scale campaigns primarily targeting Ukrainian entities.
* The USB worm, LitterDrifter, reveals a global impact with potential infections in countries like the USA, Vietnam, Chile, Poland, Germany, and Hong Kong, expanding beyond its original targets.
* Recently deployed by Gamaredon, LitterDrifter is a VBS-written worm designed to spread through USB drives, demonstrating the group’s evolving tactics in maintaining a flexible and volatile infrastructure.

KEY FINDINGS ON LITTERDRIFTER:

LitterDrifter, Gamaredon’s latest tool in its cyber arsenal, is a VBS-written worm with dual functionalities. Its primary objectives are automatic spreading over USB drives and establishing communication with a flexible set of command-and-control servers. This strategic design aligns with Gamaredon’s overarching goals, allowing the group to maintain persistent access to its targets.

USB WORM’S GLOBAL REACH:

While Gamaredon primarily targets Ukrainian entities, the nature of the LitterDrifter worm introduces a global element to its operations. Indications of possible infections have been observed in countries such as the USA, Vietnam, Chile, Poland, Germany, and even Hong Kong. This suggests that, like other USB worms, LitterDrifter may have spread beyond its originally intended targets, posing a broader threat to cybersecurity worldwide.

[Figure: Distribution of victims per country]

BACKGROUND:

In the ever-evolving landscape of cybersecurity threats, certain adversaries stand out for their audacity and persistence. Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a prominent player in the realm of Russian espionage, with a unique focus on Ukrainian entities. While many Russian cyber espionage groups operate in the shadows, Gamaredon is notably conspicuous in its large-scale campaigns, leaving a trail that cybersecurity researchers are keen to dissect. In this blog post, we turn our attention to one of Gamaredon’s tools: the notorious USB-propagating worm, LitterDrifter.
GAMAREDON’S AFFILIATION:

Gamaredon distinguishes itself by targeting a wide array of Ukrainian entities, showcasing a relentless commitment to its espionage goals. The Security Service of Ukraine (SSU), the Ukrainian law enforcement authority and main intelligence and security agency for counter-intelligence and combating organized crime, has identified Gamaredon personnel as officers of the Russian Federal Security Service (FSB), Russia’s internal security service responsible for counterintelligence, antiterrorism, and surveillance of the military. This attribution adds a geopolitical dimension to the group’s activities.

UNVEILING THE C2 INFRASTRUCTURE:

In our extensive analysis, we delve into Gamaredon’s command-and-control infrastructure, highlighting its extreme flexibility and volatility. Despite these dynamic characteristics, the infrastructure maintains previously reported patterns and characteristics, indicating a certain level of consistency in Gamaredon’s approach.

CONCLUSION:

As cybersecurity experts continue to unravel the complexities of state-sponsored cyber espionage, Gamaredon remains a focal point of scrutiny. The LitterDrifter worm serves as a testament to the group’s adaptability and innovation, showcasing the constant evolution of cyber threats. Understanding and dissecting such malware is crucial in fortifying global cybersecurity defenses against increasingly sophisticated adversaries.

CHECK POINT CUSTOMERS REMAIN PROTECTED

Check Point customers remain protected against the attacks detailed in this report while using Check Point Harmony Endpoint. When using Check Point to secure your business, you gain accurate prevention against the most advanced attacks through the power of ThreatCloud AI, the brain behind all of Check Point’s products. For further information, read the detailed post on the Check Point Research blog.