ESET Research details Gamaredon's 2025 cyberespionage operations: new tools, infrastructure shifts, and growing use of legitimate services
By Zoltán Rusnák
Summary
ESET Research's analysis of the Russia-aligned APT group Gamaredon (attributed to Russia's FSB 18th Center) reveals that the group maintained a high operational tempo throughout 2025 targeting Ukraine. The research covers new tools added to Gamaredon's arsenal, significant shifts in how it protects its network infrastructure, and its growing reliance on legitimate online services (tunnels, workers, dead drops) to hide command-and-control infrastructure and exfiltrate stolen data. The group has also formed new alliances to bolster its cyberespionage capabilities against Ukraine.
Key quotes
Cyberespionage has remained a constant feature of Russia's war against Ukraine.
ESET Research has long tracked Gamaredon, one of the most active Russia-aligned advanced persistent threat (APT) groups targeting Ukraine.
The group, attributed by the Security Service of Ukraine (SSU) to the 18th Center of Information Security of Russia's FSB, maintained a high operational tempo throughout 2025.