Threat Watch

Russian APT Primitive Bear Attacks Western Government Department in Ukraine Through Job Hunt

Palo Alto Networks discovered ongoing activity against Ukraine by Primitive Bear/Gamaredon, an advanced persistent threat (APT) group of Russian origin. Primitive Bear has been involved in several attacks against Ukraine since 2013, and researchers believe the attacks will continue as tensions escalate. Primitive Bear’s most recent attack targeted an unnamed Western government entity in Ukraine through an active job listing: the threat group sent a fake resume that contained a malicious downloader. This is a different approach from the group’s usual method of using phishing emails to initiate an attack. It is likely that Primitive Bear’s actions will continue, and may even increase, as the conflict continues.

ANALYST NOTES