The hacker group Gamaredon, linked to Russian government structures, uses the Cloudflare platform to conduct cyber espionage operations against Ukrainian targets.
This inforation was reported by The Record.
According to researchers from Insikt Group, the attackers use the Cloudflare Tunnels tool to conceal their location and infect systems with the GammaDrop malware while remaining undetected.
Gamaredon, also known as BlueAlpha, has been active since 2013 and is believed to be based in Crimea, which is temporarily occupied by Russia. The group, associated with the FSB, is considered one of the most active Russian hacker organizations conducting operations against Ukraine.
Cloudflare Tunnels have become a popular tool among hackers due to their ease of setup and free usage. Researchers note that these technologies allow bypassing standard cyber defenses, making them attractive to malicious actors.
In the latest campaign, Gamaredon used malicious email attachments to deliver GammaDrop to victims' computers. This tool serves as an entry point into the system, allowing subsequent malware, known as GammaLoad, to be uploaded. It gives hackers access to stolen data, accounts, and enables them to remain within the victims' networks for an extended period.
Researchers emphasize that the latest versions of GammaDrop have been specially modified to complicate analysis. The program contains a large amount of random code and variable names, making it difficult to detect.
While the exact targets of this campaign in Ukraine remain unknown, Gamaredon has previously used its tools to steal data, compromise accounts, and gain access to confidential information.
_1733507942.jpg/vEcA0MsmTIrFrhOKccg5nW3vD0k15LLc5CDMGR6Z.jpg)
