www.globenewswire.com
Gamaredon Group Intensifies Cyberespionage Against Ukraine in 2025
Article Content
ESET Research has released findings on the Gamaredon group, a Russia-aligned APT, detailing its cyberespionage activities throughout 2025. The group focused on exfiltrating sensitive data from Ukrainian governmental and military institutions, employing new tools and tactics. Notably, Gamaredon introduced six new PowerShell tools, including PteroPaste, which enhances its capabilities for lateral movement and data exfiltration. The group remained active despite a brief operational pause in January 2025, with increased spear phishing campaigns in the latter half of the year. Collaboration with other Russia-aligned threat actors, such as Turla and UAC-0099, indicates a coordinated effort to amplify their impact. The research highlights the use of legitimate third-party services to obscure command and control operations and data theft. Gamaredon's activities align closely with Russian geopolitical objectives amid the ongoing conflict with Ukraine.
Key Points:
• Gamaredon introduced six new PowerShell tools in 2025, enhancing its cyber capabilities.
• The group focused on spear phishing campaigns, significantly increasing their frequency and scale.
• Collaboration with other Russia-aligned groups indicates a coordinated cyberespionage strategy.