Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
Summary
The Russian APT group Gamaredon has intensified its cyberattacks against Ukraine in 2025, employing new malware and leveraging cloud services. ESET reported observing 35 distinct spear-phishing campaigns from the group, primarily in the latter half of the year, targeting new entities.
IFF Assessment
The article details an ongoing, evolving cyberattack campaign by a nation-state-backed threat actor that poses a direct threat to national security and infrastructure.
Defender Context
This report highlights the continued sophistication and adaptability of APT groups like Gamaredon, emphasizing the need for robust defenses against spear-phishing and emerging malware. Defenders should remain vigilant for evolving attack vectors, including the abuse of cloud services, and ensure continuous monitoring and threat intelligence sharing regarding nation-state activity.