Infostealer appears to be payload in recent activity aimed at Ukrainian organizations.
This activity was ongoing as recently as August 8, 2022 and much of the activity observed in this campaign is consistent with activity that was highlighted by CERT-UA on July 26.
Shuckworm (aka Gamaredon, Armageddon) is a Russia-linked group that has almost exclusively focused its operations on Ukraine since it first appeared in 2014. It is generally considered to be a state-sponsored espionage operation.
The first suspicious activity Symantec saw on victim systems was a self-extracting 7-Zip file, which was downloaded via the system’s default browser.
#Analysis #APT #IoCs