Russian APT’s 2025 Onslaught: Malware Evolves Against Ukraine

Russian-linked Gamaredon group intensifies cyberattacks against Ukraine using new tools and covert infrastructure.

  • The Russian-linked Gamaredon APT group executed 35 spear-phishing campaigns in 2025, primarily targeting Ukrainian government and military entities.
  • Their arsenal expanded with six new PowerShell tools and novel exploitation of a WinRAR vulnerability to achieve persistent access.
  • The attackers increasingly relied on legitimate cloud services, tunnel platforms, and “dead drops” to conceal their command-and-control infrastructure.

The Russian advanced persistent threat group Gamaredon intensified its cyber campaign against Ukraine throughout 2025, launching dozens of spear-phishing attacks aimed primarily at government and military institutions, according to ESET. Their objective remains the theft of sensitive information to support Russian military interests in the ongoing conflict.

These attacks often employed malicious archive attachments or XHTML files using HTML smuggling to deliver downloaders. Some campaigns even weaponized a patched WinRAR flaw, allowing malware to be placed directly in the Windows Startup folder for automatic execution.
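One defensive control the archive-attachment and Startup-folder persistence described above calls for is a pre-extraction check on archive entry names. The following is an added example, not code from the article or from ESET's research; it assumes ZIP input (RAR would need a third-party parser) and that, whatever the exact WinRAR bug, entries that use traversal, absolute paths, or name a Windows Startup folder should never be extracted blindly. Sample archives are constructed in memory.

```python
"""Pre-extraction scanner for archive attachments (added example, not ESET's code)."""
import io
import zipfile

# Lower-cased path fragments of the per-user and all-users Windows Startup folders.
STARTUP_MARKERS = (
    "start menu/programs/startup",
    "microsoft/windows/start menu/programs/startup",
)


def suspicious_entry_reasons(name: str) -> list[str]:
    """Return the reasons an archive entry name is unsafe to extract as-is."""
    reasons = []
    norm = name.replace("\\", "/")          # treat Windows and POSIX separators alike
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        reasons.append("absolute path")     # e.g. C:/... or /etc/...
    if ".." in norm.split("/"):
        reasons.append("path traversal")    # escapes the extraction directory
    if any(marker in norm.lower() for marker in STARTUP_MARKERS):
        reasons.append("targets Startup folder")  # auto-run persistence location
    return reasons


def scan_zip(data: bytes) -> dict[str, list[str]]:
    """Map each flagged entry name in a ZIP archive to its list of reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = suspicious_entry_reasons(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample(entries) -> bytes:
    """Construct an in-memory ZIP with the given entry names (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


# Constructed samples: a benign document archive and one that escapes to Startup.
BENIGN = build_sample(["report.pdf", "images/chart.png"])
MALICIOUS = build_sample([
    "invoice.pdf",
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.lnk",
])

if __name__ == "__main__":
    print("benign:", scan_zip(BENIGN))
    print("malicious:", scan_zip(MALICIOUS))
```

Run it against real attachments by passing the file's bytes to scan_zip and quarantining anything with a non-empty result.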

At the same time, the group's toolkit expanded significantly with the introduction of six new custom PowerShell tools. These include PteroDee, PteroCache, and PteroOdd, which fetch and execute payloads from hidden channels.

Meanwhile, Gamaredon also revived older weaponizers like PteroSetup to infect USB and network drives. Their operations relied heavily on lateral movement through malicious LNK files to spread the infection across compromised networks.

A defining trend in 2025 was the group's growing dependence on third-party services to hide their activities. They extensively used tunnel services, serverless workers, and a wide array of legitimate platforms as dead drop resolvers and data exfiltration channels.

These services included cloud storage like Dropbox and GoFile, blogging platforms such as Telegra.ph and DEV Community, and even social networks like Mastodon. This approach made their infrastructure more flexible and significantly harder for defenders to track and disrupt.

ESET researcher Zoltán Rusnák noted, “While the group took a short operational break in January 2025, Gamaredon spent much of its effort in the first half of that year developing and deploying new tools.” The timing of updates around Russian holidays further suggested the operators are likely government-affiliated employees.
