Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States
Briefly

BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims. They collect data such as SMS messages, call logs, phone call audio, photos from device cameras, device location, and contact lists.
Gamaredon's use of Cloudflare Tunnels as a tactic to conceal its staging infrastructure marks a significant evolution in its operational methods, especially with the launch of mobile-only malware families.
Gamaredon's targeting of Uzbekistan, Kazakhstan, Tajikistan, and Kyrgyzstan may be linked to those countries' worsening relations with Russia following the start of the invasion of Ukraine.
Gamaredon is believed to have operated BoneSpy since at least 2021, while PlainGnome emerged only earlier this year, showing how the group continues to adapt its tactics.
Read at The Hacker News