Gamaredon Hackers Unleash the Pteredo Backdoor, Target Ukrainian Networks


Multiple Russian Advanced Persistent Threat (APT) groups have been engaging in attacks against Ukrainian targets over the past few months. In addition to the hackers from the Fancy Bear group, another organization has shown activity: the Gamaredon hacking group, also known as Shuckworm. Its latest campaign targets Ukrainian users exclusively, and the hackers are employing a piece of malware dubbed the Pteredo Backdoor.

The Gamaredon hackers' activities have been tracked since 2014, and this is certainly not the first time they have turned their arsenal against Ukrainian targets. In previous campaigns, their implants were used in cyber-espionage attacks against various government entities and industries in Ukraine.

The Pteredo Backdoor, also called Pteranodon, is receiving regular updates. At least four separate versions of it have been identified by cybersecurity researchers. While the functionality of all samples was identical, each relied on a different command-and-control server to receive commands from and to exfiltrate data to. The Pteredo Backdoor was also seen abusing pre-made PowerShell and VBS scripts to extend its functionality.

Users can stay safe from all Pteredo Backdoor variants by keeping their systems and security software up to date and enforcing sound security policies. They should also be careful with the online content they interact with, particularly the files they download and the links they follow, to minimize the odds of running a harmful file on their computer.

April 21, 2022
