Gamaredon's PteroLNK Malware: Stealthy Espionage Tactics Uncovered - #Gamaredon
The Russia-linked cyberespionage group Gamaredon, also tracked as Shuckworm and Armageddon, has been actively targeting Ukrainian organizations and Western military missions in Ukraine throughout 2024 and 2025. Its campaigns rely on updated versions of the GammaSteel and PteroLNK malware families, delivered through spear-phishing emails and through infected removable drives, where malicious LNK shortcuts lure the user into launching the infection. The group has grown more sophisticated in its tradecraft: it uses obfuscated PowerShell scripts, multi-stage infection chains, and legitimate services such as Cloudflare and Telegram for command-and-control communication. Gamaredon's primary focus remains espionage within Ukraine, against government, military, and critical infrastructure targets. Although it is generally considered less skilled than other Russian state-aligned actors, the group compensates with continuous code modification and with Dead Drop Resolvers (DDRs), in which the implant fetches its current C2 address from a post on a legitimate, hard-to-block service instead of carrying a hardcoded address, so that takedowns and blocklists can be survived by editing the post rather than redeploying the malware. These ongoing operations underscore the escalating threat landscape in Eastern Europe and the need for stronger defensive measures.
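To make the DDR mechanism concrete, here is an added, generic illustration of the round trip between the operator who edits a post on a legitimate service and the implant that reads it, plus the check a defender can run over fetched page content. This is example code written for this page, not Gamaredon's own tooling, and the `@@...@@` marker, the base64 encoding, and the sample cover text are all constructed assumptions; the real malware's marker and encoding are not described here.

```python
"""
Generic dead-drop-resolver (DDR) round trip, written as an added example.
NOT Gamaredon's format or code: the marker, the encoding and the sample
post are constructed for illustration. The point is that the operator can
move the C2 by editing a post, with no change to the deployed implant.
"""
import base64
import re
from typing import List, Optional

# Constructed marker that brackets the hidden value (hypothetical, not Gamaredon's).
MARKER_RE = re.compile(r"@@([A-Za-z0-9+/=]+)@@")
# Loose host:port shape used by the defender-side check below.
HOST_PORT_RE = re.compile(r"^[A-Za-z0-9.\-]+:\d{1,5}$")


def operator_publish(c2_host: str, cover_text: str) -> str:
    """Operator side: hide the current C2 host inside an innocuous-looking post."""
    token = base64.b64encode(c2_host.encode()).decode()
    return f"{cover_text}\n\n@@{token}@@\n"


def implant_resolve(page: str) -> Optional[str]:
    """Implant side: extract the C2 host from the fetched page (offline here).

    Returns None when no marker is present or the payload does not decode,
    so a defaced or removed post fails closed instead of crashing the loop.
    """
    m = MARKER_RE.search(page)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None


def detect_ddr_candidates(page: str) -> List[str]:
    """Defender side: decode every bracketed blob and keep host:port-shaped values.

    Run over proxy-captured responses from paste/blog/messaging services to
    surface posts that carry a resolver payload rather than plain text.
    """
    hits = []
    for token in MARKER_RE.findall(page):
        try:
            value = base64.b64decode(token, validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            continue
        if HOST_PORT_RE.match(value):
            hits.append(value)
    return hits


if __name__ == "__main__":
    # Constructed sample posts; the addresses are documentation ranges, not real C2.
    first = operator_publish("203.0.113.10:443", "Weather in the valley is mild today.")
    print("implant resolves:", implant_resolve(first))
    # Operator rotates infrastructure by editing the post; the implant code is unchanged.
    rotated = operator_publish("198.51.100.7:8443", "Weather in the valley is mild today.")
    print("implant resolves after rotation:", implant_resolve(rotated))
    print("defender flags:", detect_ddr_candidates(rotated))
```

The defender-side check is deliberately simple: it keys on the constructed marker, so in practice the detection logic has to be rewritten around the marker and encoding actually recovered from a sample, and it is most useful as a hunting query over already-captured web content rather than as an inline block.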