www.welivesecurity.com
Gamaredon APT Escalates Cyber Operations Against Ukraine in 2025
Article Content
The Gamaredon group, a Russian-aligned APT, has significantly upgraded its cyber capabilities in 2025, focusing on spear-phishing campaigns against Ukrainian targets. ESET Research reports that Gamaredon conducted 35 spear-phishing campaigns last year, using new tools like PteroPaste, which can weaponize USB drives. The group took a break in January 2025, likely due to Russian holidays, but resumed operations in February, developing new malware and enhancing its command-and-control concealment tactics. Gamaredon's activities align closely with Russian geopolitical objectives, targeting governmental and military institutions in Ukraine. The group has also collaborated with other Russian threat actors, including Turla, to amplify its operational impact. These operations indicate a coordinated effort to gather intelligence and support Russian interests in the ongoing conflict.
Key Points:
• Gamaredon conducted 35 spear-phishing campaigns against Ukraine in 2025.
• New tools like PteroPaste allow for advanced malware delivery via USB drives.
• The group collaborates with other Russian APTs, enhancing its operational effectiveness.