When describing state-backed threat actors, one would probably expect a super sophisticated, stealthy group capable of avoiding all alarms and defenses with surgical precision. With Gamaredon, most of that goes out the window as this is one noisy, extremely active Russia-aligned group that does not care if defenders uncover its activities. However, it is also an actor that develops and improves its cyberespionage tools and techniques literally every day.
In this special episode, ESET Principal Malware Researcher Robert Lipovský plays the host – in cooperation with our usual host Aryeh Goretsky – and questions ESET’s house expert on Gamaredon, Senior Malware Researcher Zoltán Rusnák. In the debate, they introduce the threat actor, including its standard modus operandi, exclusive victimology, vast collection of advanced tools and social engineering tricks, and even its estimated geolocation.
However, these 23 minutes will cater mostly to those interested in the technical details of Gamaredon’s spearphishing campaigns, techniques to weaponize Word documents and USB drives, approaches to avoid domain blocking, and increasingly advanced obfuscation. So if you’re a security geek interested in this kind of threat intelligence, you’re up for a treat.
To make our podcast worth the while of defenders, Robert and Zoltan also included quite a lot of preventive measures and tips that anyone sitting in a security operations center can use to hunt for Gamaredon’s activity in their network – although that mostly applies to organizations in Ukraine.
For full details on where and how the Russia-aligned threat actor Gamaradeon operates, read more in ESET’s recently published white paper. For more security research information, follow ESET Research on X (formerly known as Twitter) and read our other blogposts, reports, and papers on WeLiveSecurity.com. If you like what you hear, subscribe for more on Spotify, Apple Podcasts, or PodBean.