Shuckworm: Russia-Linked Group Maintains Ukraine Focus

Recent Shuckworm activity observed and aimed at Ukraine appears to be delivering information-stealing malware to targeted networks. This activity was ongoing as recently as August 8, 2022 and much of the activity observed in this campaign is consistent with activity that was highlighted by CERT-UA on July 26.

REFERENCE: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/russia-ukraine-shuckworm

TAGS: giddome, shuckworm, infostealer, gamaredon, geopolitical conflict

ADVERSARY: Gamaredon Group

TARGETED COUNTRY: Ukraine

MALWARE FAMILY: Giddome

ATT&CK IDS: T1113 - Screen Capture, T1059 - Command and Scripting Interpreter, T1036 - Masquerading, T1119 - Automated Collection, T1218.005 - Mshta, T1020 - Automated Exfiltration, T1041 - Exfiltration Over C2 Channel

Read More:

https://otx.alienvault.com/pulse/62fb67a52633a505e1b26dc9