this post was submitted on 01 Dec 2025
2 points (100.0% liked)

blueteamsec

630 readers
41 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
2
A new wiper attack has been identified affecting Ukraine. (self.blueteamsec)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink hide all child comments
 

"A new wiper attack has been identified by ClearSky Cyber Security affecting Ukraine. We named this wiper "GamaWiper" (VBS-based wiper). The intrusion chain begins with the exploitation of a vulnerable WinRAR version (CVE-2025-80880). We assess with moderate confidence that this activity is linked to the Gamaredon APT group. This marks the first observed instance of Gamaredon conducting destructive operations rather than its traditional espionage activities."

Related IoCs: 95262c4094a9a5e589a218e354ef54b3800aa0abc3b6a343bbcfdcbf021fc04f – initial ZIP with vulnerability CVE-2025-80880 68e21d7599d20444232415a7e74214ce50d7b4643215d83b8320e74c95a9dfd3 – downloaded VBA aafa4c206495163a5e408aa5c296139fe9f330a9f819a226c6934921493de9c6 – downloaded (padded+base64) wiper d4ce4776bdad9b741a1e8345b41737245b80f4cf8d361ebb1ae5415c7a4fe1eb – base64 encrypted wiper 9a39423ec90dc06a3058279cd744c08d83252d1c7096633b9853e435cc205755 – deobfuscated wiper

src: https://x.com/ClearskySec/status/1995061537183011084

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here