Shuckworm: Russia-Linked Group Maintains Ukraine Focus


Recent Shuckworm activity aimed at Ukraine, observed by Symantec, a division of Broadcom Software, appears to be delivering information-stealing malware to targeted networks. The activity was ongoing as recently as August 8, 2022, and much of what was observed in this campaign is consistent with activity highlighted by CERT-UA on July 26.

The activity observed by Symantec began on July 15, and we have additional indicators of compromise (IOCs) and technical details to share about this campaign.

Shuckworm (aka Gamaredon, Armageddon) is a Russia-linked group that has almost exclusively focused its operations on Ukraine since it first appeared in 2014. It is generally considered to be a state-sponsored espionage operation.

Source: Symantec