Gamacopy: A New Cyber Espionage Group Imitating Gamaredon To Target Russia
Summary: A recent report from Knownsec 404 highlights the emergence of GamaCopy, a cyber espionage group imitating Gamaredon APT, targeting Russian defense and critical infrastructure. GamaCopy uses military-themed documents as bait, employing obfuscated scripts and open-source tools like UltraVNC to minimize detection. The group’s tactics reveal a sophisticated approach to cyber espionage, complicating attribution and showcasing a false flag operation.

Threat Actor: GamaCopy
Victim: Russian defense and critical infrastructure sectors

Key points:

  • GamaCopy mimics Gamaredon APT but focuses on Russian-language materials and targets.
  • The group uses military-related documents as bait, embedded in 7z SFX archives to deliver payloads.
  • GamaCopy employs UltraVNC, disguising it as common system processes to evade detection.
  • Key differences from Gamaredon include port usage and attack chain variations.
  • First identified in June 2023, GamaCopy has likely been active since at least August 2021.
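The second key point above describes decoy documents and payloads packed into 7z self-extracting (SFX) archives. The following added example is not from the Knownsec 404 report or the article; it is a defender-side triage check that flags a Windows executable carrying an embedded 7-Zip archive header, which is the structural signature of a 7z SFX. The sample input is constructed inline (a minimal MZ/PE stub with a 7z header appended) and stands in for a real file.

```python
import struct

# 7-Zip archive signature: '7z' followed by BC AF 27 1C.
SEVENZ_MAGIC = b"\x37\x7A\xBC\xAF\x27\x1C"


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_7z_payload(data: bytes) -> int:
    """Offset of an embedded 7z header, or -1.

    The search starts at offset 1 so that a plain .7z file, which legitimately
    begins with the magic, is not reported as an embedded payload.
    """
    return data.find(SEVENZ_MAGIC, 1)


def classify(data: bytes) -> str:
    """Coarse triage label: a PE with a trailing 7z archive is the SFX pattern."""
    if is_pe(data):
        off = find_7z_payload(data)
        if off >= 0:
            return f"pe-with-embedded-7z@{off}"
        return "pe"
    if data.startswith(SEVENZ_MAGIC):
        return "7z"
    return "other"


def build_sample_sfx() -> bytes:
    """Constructed stand-in for a 7z SFX: minimal MZ/PE stub, then a 7z header."""
    stub = bytearray(b"MZ" + b"\x00" * 0x3A)      # DOS header up to e_lfanew (0x3C bytes)
    stub += struct.pack("<I", 0x40)                # e_lfanew -> PE signature at 0x40
    stub += b"\x00\x00\x00\x00" if False else b""  # (no extra padding needed)
    stub += b"PE\x00\x00"                          # PE signature
    stub += b"\x90" * 64                           # fake extractor stub code
    # 7z signature header: magic, version 0.4, then CRC/next-header fields (zeroed)
    stub += SEVENZ_MAGIC + b"\x00\x04" + b"\x00" * 24
    return bytes(stub)


def scan_file(path: str) -> str:
    """Classify a file on disk; only the first few MiB are needed for the MZ/PE check,
    but the whole file is read because the 7z header sits after the extractor stub."""
    with open(path, "rb") as fh:
        return classify(fh.read())


if __name__ == "__main__":
    sample = build_sample_sfx()
    print(classify(sample))                    # constructed SFX sample
    print(classify(sample[:sample.find(SEVENZ_MAGIC, 1)]))  # same stub, archive stripped
```

A hit means only that the file is a self-extracting archive; plenty of legitimate installers are built the same way. The value for a responder is as a triage filter over e-mail attachments or download directories, with the embedded archive then extracted (offline) to see whether it holds a decoy document and a script alongside it, which is the delivery pattern the report attributes to GamaCopy.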

Source: https://securityonline.info/gamacopy-a-new-cyber-espionage-group-imitating-gamaredon-to-target-russia/