Russian hackers have a long history of going after organizations in Ukraine, but one group in particular has tunnel vision for the neighboring state. It now appears to have returned with a new campaign targeting Ukrainian government officials, threat researchers say.
Gamaredon – also known as Primitive Bear – is behind the malicious cyber activity, Anomali concluded with "high confidence" in research shared with CyberScoop in advance of its publication.
The campaign first appeared in January and ran through at least mid-March, Anomali said. Publication of the research coincides with escalating tensions between the two nations, with a Russian troop buildup along the Ukrainian border.
"This one is interesting because the alignment of real-world events is just another indication of potential hybrid warfare that Russia is known to engage in," said Gage Mele, lead cyber threat intelligence analyst at Anomali.
The latest campaign’s goals were unclear, because the remote template domains it used were down at the time of discovery.
The suspected Russian hackers capitalized on current events as part of the likely spearphishing attempts. One legitimate-appearing document in the campaign is a Bulgarian-themed dissertation, used at a time when Bulgarian prosecutors charged six Bulgarian government officials with spying for Russia.
"It would not be unlikely to think that Primitive Bear was using Bulgaria-themed decoys before the media knew of the events, thus making the information more relevant to Ukrainian officials who knew what was transpiring," the research reads.