Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

A Russian advanced persistent threat group, Gamaredon, has continued to develop its malware and expand its attacks against Ukraine throughout 2025. The group has been observed using new tactics, including the abuse of cloud services. According to ESET, a Slovakian cybersecurity company, Gamaredon launched 35 distinct spear-phishing campaigns against new targets in Ukraine, with the majority occurring in the second half of 2025. These campaigns primarily targeted specific groups, although the excerpt does not specify which ones. Gamaredon's ongoing cyber attacks against Ukraine are part of a larger campaign. The group's evolution and expansion of its malware arsenal suggest a continued threat to Ukrainian targets.