ACTINIUM threat actors target organizations in Ukraine

Microsoft shared new information on a cyber threat group dubbed ACTINIUM (also known as Gamaredon) that has been targeting organizations in Ukraine or those related to Ukrainian affairs. The cyber activity is also tracked back to DEV-0157.

Microsoft Threat Intelligence Center (MSTIC) summarized the threat in a blog post on February 4, 2022:

“In the last six months, MSTIC has observed ACTINIUM targeting organizations in Ukraine spanning government, military, non-government organizations (NGO), judiciary, law enforcement, and non-profit, with the primary intent of exfiltrating sensitive information, maintaining access, and using acquired access to move laterally into related organizations. MSTIC has observed ACTINIUM operating out of Crimea with objectives consistent with cyber espionage.”

Moreover, MSTIC said the Ukrainian government has publicly attributed this group to the Russian Federal Security Service (FSB).

Readers can check out more details on the malware capabilities used by the ACTINIUM actors (such as PowerPunch, Pterodo, and QuietSieve) and indicators of compromise.