"Russian Hackers Target Major Petroleum Refining in NATO Member State During Ukraine War"
Amid the continuing Russian-Ukrainian conflict, the Russia-affiliated Gamaredon group attempted to break into a petroleum refinery in a NATO member state early this year. The attack, which occurred on August 30, 2022, is one of the numerous strikes conducted by the Advanced Persistent Threat (APT) group attributed to Russia's Federal Security Service (FSB). Gamaredon, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and Winterflounder, has a history of harvesting sensitive data mostly from Ukrainian businesses and, to a lesser extent, NATO partners. Palo Alto Networks Unit 42 stated that Trident Ursa has been functioning as a dedicated access creator and intelligence gatherer as the fight has persisted on the ground and in cyberspace. Trident Ursa continues to be one of the most pervasive, intrusive, constantly operational, and Ukraine-focused APTs. Unit 42's monitoring of the group's actions over the past ten months has found over 500 new domains and 200 malware samples, as well as several changes in methods in response to changing and expanding priorities. In addition to cyberattacks, the security community reportedly received threatening tweets from a Gamaredon associate, showing the adversary's use of intimidation measures. This article continues to discuss the Gamaredon group and its targeting of a major petroleum refining company in a NATO member state.