Research have been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December. The advanced persistent threat group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. The latest malware implant appears to be a modified version of the group s proprietary Pterodo malware, discovered on computers of state authorities of Ukraine performing system reconnaissance. The group is also now using a system of Nginx forwarders to process traffic from compromised victim machines, oftentimes relying on dynamic DNS providers.
Source: https://threatpost.com/gamaredon-apt-toolset-ukraine/152568/