GamaCopy, a newly identified threat actor, is replicating the tactics of the Kremlin-aligned Gamaredon hacking group in its cyber attacks focused on Russian-speaking entities. The attacks utilize military-themed lures to deploy UltraVNC for remote access and show striking similarities to previous strategies employed by Core Werewolf. Knownsec 404 articulated that both groups use similar patterns when targeting, including spear-phishing techniques and the deployment of SFX archives, reflecting a concerning trend of alignment between different hacking groups operating within this sphere.
The TTP (Tactics, Techniques, and Procedures) of this organization imitates that of the Gamaredon organization which conducts attacks against Ukraine.
Since its exposure, this organization has frequently mimicked the TTPs used by the Gararedon organization and cleverly used open-source tools as a shield to achieve their objectives.
Collection
[
|
...
]