Gamaredon APT cyber feud strikes Ukrainian entities

Threat Level – Red | Vulnerability Report
Download PDF

One of the most ubiquitous, intrusive, consistently active, and laser-focused APTs targeting Ukraine in cyberspace is the Gamaredon group, also known as the Shuckworm. Gamaredon Group has employed fast flux DNS to improve functional efficacy. Fast flux DNS pivots through multiple IPs frequently, using each for a brief time to make IP-based block listing challenging. Threat actors frequently hijack legitimate services to query IP addresses in order to avoid DNS logging for malicious domains.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox