https://community.isc2.org/t5/Threats/Hive0051-goes-all-in-with-a-triple-threat/m-p/69367#M1173 <P>Hi All</P><P>&nbsp;</P><DIV class=""><DIV class=""><DIV class=""><DIV class="">&nbsp;</DIV></DIV><DIV class=""><HR />Hi All<DIV class=""><P>&nbsp;</P></DIV></DIV></DIV></DIV><P>As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023<A href="https://securityintelligence.com/x-force/hive0051-malicious-operations-enabled-dns-fluxing/" target="_blank" rel="noopener"> findings,</A> detailing Hive0051’s use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver&nbsp;new Gamma malware variants, facilitating more than a thousand infections in a single day.</P><P>An examination of a sample of the lures associated with the ongoing activity reveals a focus on regional military, police and civil government training centers across Ukraine. In addition to collecting against Ukrainian combat capabilities, it is possible Hive0051 may seek to utilize access to gain advanced insight into the status of new security agreements and partners providing military training and material support to Ukraine.</P><P>&nbsp;</P><P><A href="https://securityintelligence.com/x-force/hive0051-all-in-triple-threat/" target="_blank">https://securityintelligence.com/x-force/hive0051-all-in-triple-threat/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 11 Apr 2024 00:04:14 GMT Caute_cautim 2024-04-11T00:04:14Z https://community.isc2.org/t5/Threats/Hive0051-goes-all-in-with-a-triple-threat/m-p/69367#M1173 <P>Hi All</P><P>&nbsp;</P><DIV class=""><DIV class=""><DIV class=""><DIV class="">&nbsp;</DIV></DIV><DIV class=""><HR />Hi All<DIV class=""><P>&nbsp;</P></DIV></DIV></DIV></DIV><P>As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023<A href="https://securityintelligence.com/x-force/hive0051-malicious-operations-enabled-dns-fluxing/" target="_blank" rel="noopener"> findings,</A> detailing Hive0051’s use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver&nbsp;new Gamma malware variants, facilitating more than a thousand infections in a single day.</P><P>An examination of a sample of the lures associated with the ongoing activity reveals a focus on regional military, police and civil government training centers across Ukraine. In addition to collecting against Ukrainian combat capabilities, it is possible Hive0051 may seek to utilize access to gain advanced insight into the status of new security agreements and partners providing military training and material support to Ukraine.</P><P>&nbsp;</P><P><A href="https://securityintelligence.com/x-force/hive0051-all-in-triple-threat/" target="_blank">https://securityintelligence.com/x-force/hive0051-all-in-triple-threat/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 11 Apr 2024 00:04:14 GMT https://community.isc2.org/t5/Threats/Hive0051-goes-all-in-with-a-triple-threat/m-p/69367#M1173 Caute_cautim 2024-04-11T00:04:14Z