FISA

Attackers heavily focused on acquiring military and security intelligence in order to support invading forces. The Shuckworm espionage group is continuing to mount multiple cyber attacks against Ukraine, with recent targets including security services, military, and government organizations. In some cases, Shuckworm has succeeded in staging long-running intrusions, lasting for as long as three months. The attackers repeatedly attempted to access and steal sensitive information such as reports about the deaths of Ukrainian military service members, enemy engagements and air strikes, arsenal inventories, military training, and more. In a bid to stay ahead of detection, Shuckworm has repeatedly refreshed its toolset, rolling out new versions of known tools and short-lived infrastructure, along with new additions, such as USB propagation malware. Shuckworm (aka Gamaredon, Armageddon) is a Russia-linked group that has almost exclusively focused its operations on Ukraine since it first appea