Reportseverity: High2023-06-15
Symantec details Shuckworm long-running intrusions in Ukrainian military and government
published by Symantec (Broadcom)
Actor
Russian state-sponsored intrusion set publicly attributed by the Security Service of Ukraine (SBU) to FSB officers based in Russian-occupied Crimea. The longest-running publicly-documented intrusion…
Summary
Symantec's Threat Hunter Team reported sustained Shuckworm (Gamaredon) intrusions against Ukrainian security, military and government organizations between February and May 2023, with some intrusions persisting for up to three months. The operators sought reporting on Ukrainian service members, battlefield engagements, air strikes and arsenal inventories, and deployed a new PowerShell USB-propagation script to spread the Pterodo backdoor across air-gapped or removable media.
Tags
espionageukrainemilitarypterodousb
Primary source
security.comOther Gamaredon events
- 2025-04-10Shuckworm targets foreign military mission in Ukraine with updated GammaSteel
- 2022-09-15Cisco Talos reports Gamaredon info-stealer campaign against Ukrainian government
- 2022-04-20Five Eyes joint advisory AA22-110A names Primitive Bear (Gamaredon) among Russian threats to critical infrastructure
- 2022-02-04Microsoft details ACTINIUM (Gamaredon) operations against Ukrainian organizations
- 2021-11-04SBU publicly attributes Gamaredon to FSB Center 18 and names five officers