Russian hackers attack Western military mission using malicious drive
Published on: 2025-05-04 18:23:04
The Russian state-backed hacking group Gamaredon (aka “Shuckworm”) has been targeting a military mission of a Western country in Ukraine, in attacks likely launched from removable drives.
Symantec threat researchers say the campaign started in February 2025 and continued until March, with hackers deploying an updated version of the GammaSteel info-stealing malware to exfiltrate data.
According to the report, initial access to the infected systems was probably achieved via removable drives containing malicious .LNK files, a vector that Gamaredon has used in the past.
The researchers note a change in the threat actor's tactics, including a shift from VBS scripts to PowerShell-based tools, more obfuscation for payloads, and increased use of legitimate services for evasion.
Latest Gamaredon attacks in Ukraine
During the investigation, the researchers noticed in the Windows Registry of the compromised system a new value under the UserAssist key, indicating that the infection started fro