Ukraine spots Russian-linked ‘Armageddon’ phishing attacks
The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon). The malicious emails attempt to trick the recipients with lures themed after the war in Ukraine and infect the target systems with espionage-focused malware. CERT-UA has identified two separate cases, one targeting Ukrainian organizations and the other focusing on government agencies in the European Union. Armageddon is a Russian state-sponsored threat actor who has been targeting Ukraine since at least 2014 and is considered part of the FSB (Russian Federal Security Service). According to a detailed technical report published by the Ukrainian secret service in November 2021, Armageddon has launched at least 5,000 cyber-attacks against 1,500 critical entities in the country. The Ukrainian forces have previously identified members of the Armageddon cyber-force, exposed their toolset, and traced custom malware development efforts to Russian hacking forums.