The Cyber Incident Response Operations Center of the SSSCIP State Cyber Defense Center is detecting targeted cyberattacks on public authorities and critical information infrastructure, attributed to the UAC-0010 (Gamaredon, Armageddon) group.

Despite prevalent use of repeated techniques and procedures, criminals have been slowly but steadily improving their tactics and modifying spyware variations to remain undetectable by cyber protection mechanisms, mostly based on signature analysis. This is why targeted cyberattacks remain among the major cybersecurity threats in Ukraine.

UAC-0010 group’s ongoing activity is characterized by multi-step download approach and executing payloads of the spyware used to maintain control over infected hosts. Such payloads represent similar types of spyware developed by criminals to execute identical behavior patterns. For now, the UAC-0010 group uses GammaLoad and GammaSteel spyware in their campaigns.

The Cyber Incident Response Operations Center has prepared a report on the findings of the spyware study.

Proactive action and following the Information Infrastructure Cyber Protection Guidelines, available at: https://cip.gov.ua/ua/news/nakaz-ad-2021-10-06-601, is essential to enhance protection of information and communication resources that belong to public authorities, companies, institutions and organizations, regardless of their ownership.

ANOTHER UAC-0010 STORY