> TritonInfoSec News
Home / Jun 26, 2026 / Story
0
#7 WeLiveSecurity (ESET) threat-intel June 25, 2026 at 08:45 UTC

Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances

AI Summary

ESET Research published a detailed 2025 analysis of Gamaredon (FSB-linked APT), documenting the group's adoption of DNS tunneling, Cloudflare Workers for C2 obfuscation, dead-drop resolvers on legitimate platforms, and new tooling alliances to evade detection and hide infrastructure. The group has significantly upgraded its operational security compared to prior campaigns, making traditional IOC-based defenses less effective against this persistent Ukraine-focused threat actor. Defenders targeting Gamaredon should focus on behavioral detection of tunneling protocols and abuse of legitimate cloud services.

Read full article → https://www.welivesecurity.com/en/eset-research/ga…

Relevance score: 79.0/100

# More from June 26

  1. 1
    Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access The Hacker News
  2. 2
    Amadey, StealC malware operations disrupted in Operation Endgame action BleepingComputer
  3. 3
    In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw Dark Reading
  4. 4
    New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis The Hacker News
  5. 5
    CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited The Hacker News
  6. 6
    CISA warns of max severity Ubiquiti flaws exploited in attacks BleepingComputer
  7. 8
    BeyondTrust, LastPass Impacted by Klue-Salesforce Incident SecurityWeek
  8. 9
    Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking SecurityWeek
  9. 10
    Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability The Hacker News