Ukraine Unmasks Armageddon Group as FSB Officers

Ukrainian special services claim to have identified the operatives behind the prolific “Armageddon” hacking group, alleging they are Russian FSB officers.

In a brief statement, the Security Service of Ukraine (SSU) revealed that the group, also known as “Garmaredon,” was responsible for over 5000 attacks on the Ukrainian government and critical infrastructure assets.

It targeted 1500 government computer systems intending to steal sensitive information relating to security and defense and blocking information systems, as well as attacking power plants and heat and water systems, the SSU said.

The five were reportedly members of the Crimean FSB before defecting to the Russian side after the invasion of the Ukrainian peninsula in 2014. As a result, they’re being accused of treason and espionage, malware development and interference with computers.

The SSU said it had managed to unmask the individuals despite their use of FSB tools to stay hidden online.

“The Armageddon hacker group is an FSB special project, which specifically targeted Ukraine,” it said. “This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.”

Although the individuals have not been arrested, the SSU will be hoping to send a signal to the FSB with this notice.

The security service also released a detailed technical document highlighting the group’s TTPs, including exploitation of legacy Windows vulnerabilities, malware loaded onto removable media, the EvilGnome Linux backdoor and a custom RAT dubbed “Pteranodon.”

John Hultquis ..

Support the originator by clicking the read the rest link below.