- Symantec says it found GammaSteel on devices that belong to a military operation in Ukraine
- GammaSteel is an infostealer built by Russian cyber-outfit Gamaredon
- Gamaredon is one of the many groups tied to the GRU
A “military mission of a western country”, located in Ukraine, was the target of a Russian cyberattack, according to cybersecurity researchers at Symantec, who said they identified an attack that began in February 2025 and probably continued for several weeks.
The researchers say the attack began with an infected removable drive containing a malicious .LNK file, which triggered an infection chain that resulted in the deployment of GammaSteel.
GammaSteel is infostealer malware, capable of exfiltrating documents in various formats, such as .docx, .pdf, .xls, .txt and more. Most likely, it was built and deployed by a Russian state-sponsored threat actor known as Gamaredon (or Shuckworm).
Infected removable drives
In addition to stealing files, it can also take screenshots of the infected device and collect vital information about things such as installed antivirus tools, running processes and more.
Finally, the tool establishes persistence on the compromised endpoints through a new Windows Registry entry. The researchers said the threat actors changed their tactics a bit to better hide the payload.
Symantec did not say whose military mission was compromised, or what kind of information, if any, was stolen in the attack. It is safe to assume that the attack is part of a broader cyberwarfare effort under way since Russia invaded Ukraine more than three years ago.
Russian aggression has shown how much warfare has changed and gone digital. The digital world became an entire front, with Russian attackers targeting communications satellites, government endpoints, electrical substations and more.
The Ukrainians responded by hacking Russian television and radio to broadcast anti-war messages, manipulating a taxi application to send dozens of cars to a single location in Moscow, and leaking gigabytes of data from Russian entities, including the private military group Wagner.
Gamaredon is only one of the many groups actively involved in the war, together with Conti or Sandworm. Apparently, all of them are part of the GRU, Russia’s military intelligence unit.
Via BleepingComputer