Gamaredon Intensifies Cyber Attacks on Ukraine

The Russian APT group Gamaredon has significantly intensified its cyberattacks on Ukraine in 2025. According to a report from the Slovak cybersecurity company ESET, 35 different spear-phishing campaigns have been identified targeting new objectives. Most of these attacks occurred in the second half of the year and demonstrate the ongoing threat posed by this group.

Gamaredon has evolved its malware strategies and now also utilizes cloud service abuse as part of its attacks. This tactic allows the attackers to obscure their activities and make detection by security measures more difficult. The group specializes in sending targeted phishing emails that often appear as legitimate communications to deceive unsuspecting users.

New Malware Variants and Tactics

The malware used by Gamaredon has evolved in complexity and diversity. ESET reports several new variants specifically designed to bypass security solutions. These new tools are aimed at stealing sensitive information and taking control of infected systems.

The attacks are directed not only at government agencies but also at businesses and organizations in Ukraine. The choice of targets suggests that Gamaredon is attempting to destabilize the country's critical infrastructure. The attackers employ a variety of techniques to achieve their goals, including social engineering and technical exploits.

The second half of 2025 was particularly active for Gamaredon, with a significant increase in attacks. ESET has noted that the group strategically plans its campaigns to achieve maximum impact. The attacks are often well-coordinated and leverage current events or news to increase the likelihood that the targets will respond to the phishing attempts.

Reactions and Countermeasures

The Ukrainian cybersecurity authorities have responded to the increasing attacks by strengthening their defensive measures. New guidelines and training for employees in affected sectors have been introduced to raise awareness of cyber threats. Additionally, the authorities are working closely with international partners to share information about the attacks and improve defenses.

The international community has also condemned Gamaredon's activities, emphasizing that such attacks cannot be tolerated. Support for Ukraine in cyber defense has increased, and resources are being provided to strengthen resilience against such threats. However, experts warn that the threat from Gamaredon remains and that constant vigilance is required.

Developments in cyberspace show that Gamaredon poses a serious threat to Ukraine's national security. The group has demonstrated its ability to quickly adapt its tactics and utilize new technologies to achieve its objectives. The ongoing attacks highlight the need to continuously update and improve cyber defense strategies.