🟠 High | Source: The Hacker News
Russian APT group Gamaredon has significantly expanded its cyberattacks against Ukrainian targets throughout 2025, deploying new malware variants and abusing legitimate cloud services as part of 35 distinct spear-phishing campaigns observed by ESET. The group’s continued evolution of its toolset demonstrates a sustained and adaptive threat posture against Ukrainian organisations. Cloud service abuse is particularly notable as it allows malicious traffic to blend with legitimate activity, complicating detection.
Security Architect’s Take: Review your organisation’s egress filtering and monitoring for abuse of legitimate cloud platforms (such as Telegram, OneDrive, or similar) as command-and-control channels, and ensure UEBA or anomaly detection is tuned to flag unusual data flows to cloud storage services. If your organisation has any nexus with Ukrainian government, defence, or critical infrastructure sectors, elevate your phishing simulation and email gateway scrutiny accordingly.
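As an added example (not from the advisory or ESET's research), here is a small detection check of the kind the recommendation above describes: it aggregates bytes sent per host to a watchlist of legitimate cloud domains from proxy log lines and flags hosts whose upload volume is far above the fleet baseline. The log format, domain watchlist, sample lines and threshold are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample proxy log lines (not real traffic): timestamp, host, destination domain, bytes sent.
SAMPLE_LOG = """\
2025-03-01T09:00:00Z wks-001 onedrive.live.com 2000
2025-03-01T09:02:00Z wks-002 graph.microsoft.com 2500
2025-03-01T09:04:00Z wks-003 onedrive.live.com 1800
2025-03-01T09:06:00Z wks-004 api.telegram.org 2200
2025-03-01T09:08:00Z wks-017 api.telegram.org 20000
2025-03-01T09:10:00Z wks-017 onedrive.live.com 30000
2025-03-01T09:12:00Z wks-017 www.example.com 9000
"""
# Assumed watchlist of legitimate cloud endpoints that can double as C2 or exfiltration channels.
CLOUD_DOMAINS = {"api.telegram.org", "onedrive.live.com", "graph.microsoft.com"}
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")

def parse_log(text):
    """Yield (host, domain, bytes_sent) for every well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), int(m.group(4))

def cloud_upload_profile(records):
    """Per host: total bytes sent to watchlisted cloud domains and which domains were touched."""
    profile = defaultdict(lambda: {"bytes": 0, "domains": set()})
    for host, domain, nbytes in records:
        if domain in CLOUD_DOMAINS:
            profile[host]["bytes"] += nbytes
            profile[host]["domains"].add(domain)
    return profile

def flag_outliers(profile, k=5.0):
    """Flag hosts more than k MADs above the fleet median; median/MAD resist skew from a few heavy uploaders."""
    if len(profile) < 3:
        return {}  # too few hosts for a meaningful baseline
    totals = {h: p["bytes"] for h, p in profile.items()}
    med = median(totals.values())
    mad = median(abs(v - med) for v in totals.values())
    if mad == 0:
        mad = max(med, 1)  # uniform fleet: scale by the median itself instead of dividing by zero
    return {h: {"bytes": v, "domains": sorted(profile[h]["domains"])}
            for h, v in totals.items() if (v - med) / mad > k}

def run_detection(text=SAMPLE_LOG):
    return flag_outliers(cloud_upload_profile(parse_log(text)))
```

In the constructed sample, only wks-017 is flagged, with its traffic to www.example.com correctly ignored because that domain is not on the watchlist; in practice the baseline should be built per host over time rather than across the fleet in one window.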
Original advisory: Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse