A hacking group known as GamaCopy has been making headlines recently for its sophisticated tactics in targeting Russian defense and critical infrastructure. This group has been identified as mimicking the tactics of the well-known Russia-linked threat actor Gamaredon, in what appears to be a false-flag campaign designed to mislead investigators.
According to research conducted by Chinese cybersecurity firm Knownsec, GamaCopy’s latest campaign involved the use of phishing documents disguised as reports on Russian armed forces’ locations in Ukraine. In addition, the group used the open-source software UltraVNC for remote access to compromised systems. While GamaCopy’s methods closely resemble those of Gamaredon, researchers have noted several key differences, such as the group’s focus on Russian-language victims and the unique use of UltraVNC in its attacks.
The timeline of GamaCopy’s activities indicates that the group has been targeting Russia’s defense and critical infrastructure sectors since June 2023, with potential earlier activity dating back to August 2021. Knownsec’s analysis has linked GamaCopy to another state-sponsored actor known as Core Werewolf, which has been targeting Russian defense systems since 2021. This association points to a deliberate false-flag campaign orchestrated by GamaCopy to deflect attention from its true origins.
The emergence of GamaCopy and its false-flag operations is part of a larger trend of hacker groups conducting cyber-espionage campaigns against Russian entities. This trend underscores the increasing complexity and state-backed nature of cyber threats in today’s digital landscape. As cybersecurity experts continue to investigate and monitor these groups, it is clear that the stakes are high and the need for robust defenses against such attacks is more critical than ever.
In conclusion, the activities of GamaCopy and its resemblance to Gamaredon highlight the evolving tactics of malicious actors in the cyber realm. The group’s deliberate targeting of Russian defense and critical infrastructure sectors, along with its false-flag techniques, poses a significant challenge to cybersecurity professionals and government agencies. As the threat landscape continues to evolve, it is imperative that organizations remain vigilant and proactive in defending against such sophisticated cyber threats.