ShellCodeX
ShellCodeX Intelligence Brief
HIGH Cybersecurity

Gamaredon ramps up Ukraine spear-phishing with new malware and cloud abuse

Source headline: Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

ESET reports the Russian APT group Gamaredon increased its operations against Ukraine through 2025. The activity included 35 spear-phishing campaigns targeting new victims, many launching in the latter half of the year. The intrusions involved both new malware and abuse of cloud services for staging or delivery. This combination can help attackers evade controls and maintain persistence across environments. Organizations with Ukrainian exposure should review email security, harden cloud credentials, and hunt for Gamaredon indicators. Incident response teams should also validate outbound access and suspicious authentication patterns in cloud logs.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#malware #apt #ukraine #cloud-abuse #gamaredon #spearphishing
Original reporting: The Hacker News, "Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse"