Summary: A new threat actor called GamaCopy has been observed emulating tactics from the Kremlin-aligned Gamaredon group, primarily targeting Russian-speaking entities. The group is noted for using military-related content to deploy UltraVNC for remote access, closely resembling techniques used by another hacking faction, Core Werewolf. This pattern of behavior highlights an evolving landscape of cyber threats amidst ongoing geopolitical tensions stemming from the Russo-Ukrainian war.
Affected: Russian-speaking organizations
Key points:
- GamaCopy has adopted tradecraft similar to Gamaredon, indicating its strategy against Ukrainian interests.
- The attacks utilize military facility lures to install UltraVNC for unauthorized remote access.
- Connections to Core Werewolf suggest a broader network of cyber threats targeting Russian entities, with several groups employing effective phishing techniques.