The Russian state-sponsored hacking group Gamaredon (aka Armageddon or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics.
Previously, the Russian hackers, who have been linked to the FSB, were observed using information-stealers against Ukrainian state organizations, employing new variants of their "Pteranodon" malware, and also using a default Word template hijacker for new infections.
Symantec's threat research team, part of Broadcom, reports today that the threat actors have recently begun using USB malware to propagate to additional systems inside infected networks.
Another interesting element in Gamaredon's newest campaign is to target HR departments, potentially indicating that the threat actors are aiming for spear-phishing attacks within breached organizations.