Gamaredon Group Description
The Gamaredon Group is an Advanced Persistent Threat (APT) group that has been active since 2013 – their targets are often Ukrainian government officials, and they rely on phishing emails to deliver threatening binaries to their targets primarily. The documents used as bait may often be disguised as important military files that the recipient is likely to want to review. Although the group has been active for over five years, they have not made many changes to their approach, and continue to use a combination of custom-developed malware and public tools to execute their attacks. It is not unusual for APT groups to abuse legitimate tools for harmful purposes since attacks of this sort are often more difficult to spot.
Pteranodon, an Essential Part of the Gamaredon Group's Attacks
One of the notorious tools that the Gamaredon Group has used recently is the Pteranodon Trojan, a backdoor that we have covered on our websites extensively. Pteranodon can act as a reconnaissance tool that captures screenshots from the infected host, as well as a backdoor that allows the Gamaredon Group threat actors to plant secondary payloads on the compromised system.
Earlier, we mentioned that the Gamaredon Group has been taking advantage of public hacking tools and legitimate applications to carry out nefarious tasks on infected hosts – one of the earliest examples of this dates back to 2014 when they propagated a copy of the 'Remote Manipulator System' (RMS) remote control software to their targets. The threat was distributed via phishing emails that contained a macro-laced document whose purpose was to drop a self-extracting archive to the victim's computer. RMS is not the only remote access tool that the Gamaredon Group has used, and through the years, they have carried out attacks using other popular Virtual Network Computing (VNC) programs.
The group's end-goal appears to be performing long-term reconnaissance operations and extracting data from the infected network. Their carefully selected targets and tailored phishing emails are a certain sign that the group has inside information that helps them craft legit-looking bait documents.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Gamaredon Group may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.