Microsoft shared new information on a cyber threat group dubbed ACTINIUM (also known as Gamaredon) that has been targeting organizations in Ukraine or those related to Ukrainian affairs. The cyber activity is also tracked back to DEV-0157.
The Microsoft Threat Intelligence Center (MSTIC) summarized the threat in a blog post on February 4, 2022:
“In the last six months, MSTIC has observed ACTINIUM targeting organizations in Ukraine spanning government, military, non-government organizations (NGO), judiciary, law enforcement, and non-profit, with the primary intent of exfiltrating sensitive information, maintaining access, and using acquired access to move laterally into related organizations. MSTIC has observed ACTINIUM operating out of Crimea with objectives consistent with cyber espionage.”
Moreover, MSTIC said the Ukrainian government has publicly attributed this group to the Russian Federal Security Service (FSB).
Readers can check out more details on the malware capabilities used by the ACTINIUM actors (such as PowerPunch, Pterodo, and QuietSieve) and indicators of compromise.