Gamaredon: The Turncoat spies mercilessly hacked Ukraine


Russian state hackers, perhaps more than those of any other nation, tend to show off. The notorious Sandworm unit within Russia's GRU military intelligence agency, for example, has caused unprecedented blackouts and released destructive, self-replicating code. The FSB's ingenious Turla group has hijacked satellite internet connections to steal victims' data from space. But one team of less flashy cyberspies working on behalf of the Kremlin rarely wins the same notice: Armageddon, or Gamaredon.

The hackers, who are thought to work in the service of Russia's FSB intelligence agency, are not known for their sophistication. Still, they have racked up more than a decade of almost constant espionage-focused breaches, grinding away with simple, repetitive intrusion methods year after year. Thanks to that sheer volume of hacking attempts, they are by some measures the top espionage threat facing Ukraine in the midst of its war with Russia, according to the cybersecurity defenders who track the group.

“They are the most active state group of hackers, attacking Ukrainian organizations so far,” says Robert Lipovsky, a malware researcher at the Slovak cybersecurity company ESET.

ESET has tracked Gamaredon as it has breached the networks of hundreds of victims in Ukraine, stealing thousands of files daily, Lipovsky says. “Their work is highly effective,” he says. “The volume is their large differential and that makes them dangerous.”

If Gamaredon does not behave like other Russian hacker groups, that is partly because some of its members are not Russian citizens, or were not, technically, until 2014.

According to the Ukrainian government, the Gamaredon hackers are based in Crimea, the Ukrainian peninsula that was seized by Russia after the Maidan revolution in Ukraine. Some of them previously worked on behalf of Ukraine's own security services before switching sides when Russia's occupation of Crimea began.

“They are officers of the Crimean FSB and traitors who have given up the enemy,” says a 2021 statement from the Ukrainian intelligence agency SBU, which claims that the group has carried out more than 5,000 attacks on Ukrainian systems, including critical infrastructure such as “power plants, heat and water supply systems.”

The group's initial access techniques, ESET's Lipovsky says, consist almost entirely of simple spearphishing attacks, sending victims messages with malware attachments, as well as malware that can infect USB drives and spread from machine to machine. These relatively basic tactics have hardly evolved since the group first appeared as a threat to Ukraine at the end of 2013, but the group tirelessly keeps at those simple forms of hacking, targeting virtually every Ukrainian government and military organization, as well as Ukrainian allies in Eastern Europe, on a daily basis.

“People sometimes do not realize how much the ‘perseverance’ plays in the phrase appropriate,” says John Hill, chief analyst at Google's Threat Intelligence Group. “They are simply ruthless. And that in itself can be something like a superpower.”

In October 2024, the Ukrainian government went so far as to sentence two of Gamaredon's hackers in absentia, not only for hacking crimes but also for treason. An SBU statement at the time accused the two men, neither of whom was named, of having “betrayed his oath” by voluntarily joining the FSB.

 