zCat on Nostr: Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware The ...
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop.
The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.
The cybersecurity company is tracking the threat actor under the name BlueAlpha, which is also known as Aqua Blizzard, Armageddon, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010, UNC530, and Winterflounder. The group, believed to be active since 2014, is affiliated with Russia's Federal Security Service (FSB).
The tools are chiefly engineered to steal valuable data from web applications running inside internet browsers, email clients, and instant messaging applications such as Signal and Telegram, as well as download additional payloads and propagate the malware via connected USB drives.
See more: https://thehackernews.com/2024/12/hackers-leveraging-cloudflare-tunnels.html
#cybersecurity #cloudflare #malware
The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop.
The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.
The cybersecurity company is tracking the threat actor under the name BlueAlpha, which is also known as Aqua Blizzard, Armageddon, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010, UNC530, and Winterflounder. The group, believed to be active since 2014, is affiliated with Russia's Federal Security Service (FSB).
The tools are chiefly engineered to steal valuable data from web applications running inside internet browsers, email clients, and instant messaging applications such as Signal and Telegram, as well as download additional payloads and propagate the malware via connected USB drives.
See more: https://thehackernews.com/2024/12/hackers-leveraging-cloudflare-tunnels.html
#cybersecurity #cloudflare #malware