Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group

Ukraine’s premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia’s Federal Security Service (FSB).

Calling the hacker group “an FSB special project, which specifically targeted Ukraine,” the Security Service of Ukraine (SSU) said the perpetrators “are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.”

Automatic GitHub Backups

The names of the five individuals the SSU alleges are part of the covert operation are Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych, and Sushchenko Oleh Oleksandrovych.

Since its inception in 2013, the Russia-linked Gamaredon group (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) has been responsible for a number of malicious phishing campaigns, primarily aimed at Ukrainian institutions, with the goal of harvesting classified information from compromised Windows systems for geopolitical gains.

The threat actor is believed to have carried out no fewer than 5,000 cyberattacks against public authorities and critical infrastructure located in the country, and attempted to infect over 1,500 government computer systems, with most attacks directed at security, defense, and law enforcement agencies to obtain intelligence information.

“Contrary to other APT groups, the Gamaredon group seems to make no effort in trying to stay under the radar,” Slovak cybersecurity firm ESET noted in an analysis published in June 2020. “Even though their tools have the capacity to download and execute arbitrary binaries that could be far stealthier, it seems that this group’s main focus is to spread as far and fast as possible in their target’s network while trying to exfiltrate data.”

Besides its heavy reliance on social engineering tactics as an intrusion vector, Gamaredon is known to have invested in a range of tools for scything through organizations’ defenses that are coded in a variety of programming languages such as VBScript, VBA Script, C#, C++, as…