Gamaredon
Coverage of Gamaredon in the Nexus archive.
- Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group, Gamaredon, has expanded its cyber attacks against Ukraine in 2025 by deploying new malware and abusing cloud services. Slovakian cybersecurity company ESET reported 35 spear-phishing campaigns conducted by Gamaredon, primarily targeting new entities in the second half of the year.
- Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses
The Russian state-sponsored APT group Gamaredon has enhanced its capabilities by improving malware deployment and server concealment techniques. This upgrade necessitates the development of new defensive strategies to counter their activities.
- Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
The Russian hacking group Gamaredon is exploiting a WinRAR vulnerability (CVE-2025-8088) to deliver malware families like GammaWorm, GammaSteel, and GammaPhish, targeting data theft and propagation. Sekoia reports that the attack chain uses a path traversal flaw in WinRAR to deploy an HTML Application payload for further malicious activity.