Russian Espionage Group ‘Shuckworm’ Deploys New Malware to Spy on Western Forces in Ukraine

A Decade of Digital Espionage

A Russian-backed hacking group called Shuckworm has launched a new cyberattack. This time, they targeted a foreign military mission in Ukraine. Shuckworm is also known as Gamaredon or Armageddon. The group has been active since 2013. They mostly attack Ukrainian government offices, defense systems, and law enforcement agencies. Experts say Shuckworm works for the Russian Federal Security Service (FSB). Their cyberattacks have continued during the Russia-Ukraine war. This latest attack shows they are still very active and dangerous.

The latest campaign was discovered by cybersecurity experts at Symantec, who reported that the attack began on February 26 and extended into March. What makes this campaign stand out is its target—a Western military mission on Ukrainian soil—indicating a bold step in Shuckworm’s espionage goals.

Shuckworm used a new version of its malware called GammaSteel in this attack. GammaSteel is made to steal data without being seen. It was written in PowerShell, a tool used in Windows systems. This let the hackers sneak into computers, look for important files, and send the stolen data back to their own servers. They did all this while avoiding most security programs.

How the Attack Unfolded

The attack began in a simple yet deceptive way. Shuckworm used an infected removable drive containing a file labeled “D:\files.lnk.” When this shortcut file was opened, it triggered a process that altered the Windows Registry, enabling the malware to automatically run every time the computer was restarted. This gave the hackers a way in.

From there, they ran a file named mishta.exe to bypass standard security checks. They followed this up with a series of hidden commands using a built-in Windows tool called wscript.exe. These commands allowed them to connect the infected computer to their Command and Control server, which acts as a headquarters for the hackers, allowing them to issue more commands and retrieve stolen data.

Critical Vulnerabilities: The Dark Side of Pacemaker Technology

After gaining access, Shuckworm expanded its reach. It methodically moved through the computer system, infecting all connected USB drives and shared network folders. This made sure the malware spread beyond a single device and into other parts of the organization’s infrastructure.

On March 1, the hackers were observed carrying out a wave of activity on the compromised server. They launched tools to gather information about the system and created two new backup servers to maintain control in case their primary access point was blocked. These moves show how organized and persistent Shuckworm is in its operations.

Military Documents and Methods of Theft

What the hackers wanted became clear soon. Security experts found a group of stolen files. The file names showed they were linked to military plans and battlefield actions. Some files had titles about inspection steps, air defense orders, and troop movements. Others mentioned wound reports and casualty details. The exact content is not confirmed. But the names suggest the hackers were after secret military information.

Once they had the files, the group found ways to smuggle the data out. They used a public website called write.as to upload the stolen files. As a backup, they used cURL, a tool that moves data online. They also used Tor, a network that hides who you are and where you’re from. These tools helped them stay hidden and avoid being tracked.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

According to the security researchers, this campaign showed that Shuckworm has become more skilled. They relied more heavily on PowerShell tools, made minor but effective changes to their malware code, and used legitimate-looking services to avoid drawing attention. This made the entire attack chain more complicated and harder to detect, signaling an increase in the group’s capabilities.

This latest hacking operation is a reminder of the ongoing cyber war tied to the physical conflict in Ukraine. While soldiers fight on the ground, digital attackers like Shuckworm operate in the shadows, stealing secrets and undermining operations with a few lines of code.

Mohit Kumbhar
Mohit Kumbhar
Hey I am Mohit. I am the editor of the Newsinterpretation. Writing is my passion and financial column writing is my hobby.

TOP 10 TRENDING ON NEWSINTERPRETATION

From Clearview to Palantir, ICE adds Graykey in new $3 million tech push

U.S. Immigration and Customs Enforcement (ICE), through its investigative...

Trump White House amplifies Melania’s fight as retractions pile up over Epstein stories

First Lady Melania Trump has taken an unusually direct...

Outrage grows as Kristi Noem’s ‘ICE Barbie’ stunt video shows wrongful detention of American citizen

A U.S. citizen was wrongfully detained during an Immigration...

Binance founder warns crypto firms of North Korean hackers posing as job seekers to steal assets

Hackers Disguise as Job Seekers and Recruiters Crypto security is...

Liverpool council reports rise in Russian cyberattacks as audit warns of service disruption

Liverpool City Council has confirmed that it has faced...

Gavin Newsom warns of coordinated effort after ABC halts Jimmy Kimmel Live citing FCC pressure

ABC announced on Wednesday that it would stop airing...

Heated Clash as Rand Paul Confronts Bernie Sanders and Former CDC Director Over Infant Vaccines

A Senate Hearing Turns Tense A heated Senate hearing on...

Karoline Leavitt shares post linking Utah earthquake to Charlie Kirk death timing

Earthquake in Utah Sparks Unusual Claim Karoline Leavitt, press secretary...

Newsom recalls son’s admiration for Kirk as debate over masculinity resurfaces

California Governor Gavin Newsom has openly praised the way...

Jaguar Land Rover (JLR) Hack Sparks Fears of Mass Layoffs and Factory Shutdowns

Cyber Attack Brings Production to a Halt Jaguar Land Rover...

Related Articles

Popular Categories

error: Content is protected !!