FSB-linked Gamaredon group uses multi-stage GammaLoad malware chain to target Ukraine
By
SekoiaIO
1mo ago· 4 min readenInsight
Summary
Sekoia.io's investigation reveals how Gamaredon, an FSB-linked cyber espionage group targeting Ukraine, employs a multi-stage malware chain called GammaLoad. The operation uses loaders, droppers, and registry-cached C2 configurations to maintain stealthy, persistent access. The group abuses trusted services like Telegram, Telegraph, Cloudflare, and Check-Host to retrieve payloads and ultimately deliver the GammaSteel malware.
Source
bskyFSB-linked Gamaredon group uses multi-stage GammaLoad malware chain to target Ukrainehendryadrian.comKey quotes
· 2 pulledSekoia.io's investigation details how Gamaredon, an FSB-linked intrusion set targeting Ukraine, uses a multi-stage GammaLoad chain to maintain stealthy, persistent access through loaders, droppers, and registry-cached C2 configuration.
The report shows the group abusing trusted services like Telegram, Telegraph, Cloudflare, and Check-Host to retrieve payloads and ultimately deliver GammaSteel.
Sekoia.io’s investigation details how Gamaredon, an FSB-linked intrusion set targeting Ukraine, uses a multi-stage GammaLoad chain to maintain stealthy, persistent access through loaders, droppers, and registry-cached C2 configuration. The ...
You might also wanna read

New Iran-Linked Hacker Group ‘Cavern Manticore’ Targets Israeli Government via IT Supply Chain : Report
Defense News·14h ago

‘BusySnake’ Infostealer Slithers into Critical Infrastructure Networks
BackBox.org·1d ago
Malwarebytes Breach: Supply Chain Attacks Continue
Packetlabs·5y ago
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
thehackernews.com·1d ago
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
thehackernews.com·4d ago
VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
thehackernews.com·6d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.