The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia’s Ministry of Defense last week, the ministry told The Record on Friday.
Hackers sent malicious emails to several employees of the ministry, pretending to be Ukrainian government officials. The attempted cyberattack was unsuccessful, the ministry added.
The sample of the malicious email was first shared on Twitter by French cybersecurity company Sekoia.io this week.
Last week, #Gamaredon 🇷🇺 intrusion set likely impersonated the 🇺🇦 MoD to target the 🇱🇻 MoD by using #spearphishing with the following infection chain: HTMLSmuggling -> ZIP -> LNK -> HTA. They used the already flagged #Gamaredon domain name admou[.]org to send their email.