{"id":8669,"date":"2024-11-13T12:00:00","date_gmt":"2024-11-13T10:00:00","guid":{"rendered":"https:\/\/blog.eset.ee\/et\/?p=8669"},"modified":"2026-06-14T19:43:03","modified_gmt":"2026-06-14T16:43:03","slug":"eset-research-podcast-gamaredon","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2024\/11\/13\/eset-research-podcast-gamaredon\/","title":{"rendered":"ESET Research Podcast: Gamaredon"},"content":{"rendered":"<p>When describing state-backed threat actors, one would probably expect a super sophisticated, stealthy group capable of avoiding all alarms and defenses with surgical precision. With Gamaredon, most of that goes out the window as this is one noisy, extremely active Russia-aligned group that does not care if defenders uncover its activities. However, it is also an actor that develops and improves its cyberespionage tools and techniques literally every day.<\/p>\n<p>In this special episode, ESET Principal Malware Researcher <a href=\"https:\/\/www.welivesecurity.com\/en\/our-experts\/robert-lipovsky\/\">Robert Lipovsk\u00fd<\/a> plays the host \u2013 in cooperation with our usual host <a href=\"https:\/\/www.welivesecurity.com\/en\/our-experts\/aryeh-goretsky\/\">Aryeh Goretsky<\/a> \u2013 and questions ESET\u2019s house expert on Gamaredon, Senior Malware Researcher <a href=\"https:\/\/www.welivesecurity.com\/en\/our-experts\/zoltan-rusnak\/\">Zolt\u00e1n Rusn\u00e1k<\/a>. In the debate, they introduce the threat actor, including its standard modus operandi, exclusive victimology, vast collection of advanced tools and social engineering tricks, and even its estimated geolocation.<\/p>\n<p>However, these 23 minutes will cater mostly to those interested in the technical details of Gamaredon\u2019s spearphishing campaigns, techniques to weaponize Word documents and USB drives, approaches to avoid domain blocking, and increasingly advanced obfuscation. 
So if you\u2019re a security geek interested in this kind of threat intelligence, you\u2019re in for a treat.<\/p>\n<p>To make our podcast worth the while of defenders, Robert and Zoltan also included quite a lot of preventive measures and tips that anyone sitting in a security operations center can use to hunt for Gamaredon\u2019s activity in their network \u2013 although that mostly applies to organizations in Ukraine.<\/p>\n<p>For full details on where and how the Russia-aligned threat actor Gamaredon operates, read more in ESET\u2019s recently published <a href=\"https:\/\/web-assets.esetstatic.com\/wls\/en\/papers\/white-papers\/cyberespionage-gamaredon-way.pdf\">white paper<\/a>. For more security research information, follow ESET Research on <a href=\"https:\/\/twitter.com\/esetresearch\">X (formerly known as Twitter)<\/a> and read our other blog posts, reports, and papers on <a href=\"https:\/\/www.welivesecurity.com\/index.html\">WeLiveSecurity.com<\/a>. If you like what you hear, subscribe for more on <a href=\"https:\/\/open.spotify.com\/show\/1WDjY2A3A3s5FKycrOVkhg\">Spotify<\/a>, <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/eset-research-podcast\/id1596306608\">Apple Podcasts<\/a>, or <a href=\"https:\/\/esetresearch.podbean.com\/\">PodBean<\/a>.<\/p>\n<p class=\"wls-source\"><a href=\"https:\/\/www.welivesecurity.com\/en\/podcasts\/eset-research-podcast-gamaredon\/\" rel=\"nofollow noopener\" target=\"_blank\">Read the full analysis on WeLiveSecurity \u2192<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated 
geolocation<\/p>\n","protected":false},"author":5,"featured_media":8670,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2878],"tags":[],"class_list":["post-8669","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-eset-research"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=8669"}],"version-history":[{"count":1,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8669\/revisions"}],"predecessor-version":[{"id":9336,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/8669\/revisions\/9336"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/8670"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=8669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=8669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=8669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}