Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what’s suspected to be an espionage operation.
Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated by the Computer Emergency Response Team of Ukraine (CERT-UA).
The threat actor, active since at least 2013, is known for explicitly singling out public and private entities in Ukraine. The attacks have since ratcheted up in the wake of Russia’s military invasion in late 2022.
