GamaCopy Group Mimics Gamaredon Tactics in Cyber Attacks
New cyber threat actor GamaCopy mimics Kremlin-aligned Gamaredon tactics. A recently identified group, GamaCopy, has been observed using techniques similar to those of the Gamaredon hacking group in attacks against Russian-speaking entities. The Knownsec 404 Advanced Threat Intelligence team reported that GamaCopy's operations use military-related content as bait to deploy UltraVNC for remote access. The campaign shares characteristics with another group, Core Werewolf, which has also targeted Russian organizations. The attacks use self-extracting archive files to deliver malicious payloads and disguise the UltraVNC executable as a Microsoft OneDrive file to evade detection. GamaCopy is among several threat actors exploiting the ongoing geopolitical tensions following the Russo-Ukrainian war.
