Gamaredon Abuses Telegram To Target Ukrainian Government Organizations
The Gamaredon APT group was discovered targeting Ukrainian government entities using the Telegram messaging service to avoid traditional network detection.
The Telegram messaging application was used in several stages, from victim profiling to delivering the final payload.
The initial infection vector was weaponized spear-phishing documents written in the Russian and Ukrainian languages.
The threat actor exploited a remote template injection vulnerability to compromise adversarial infrastructure with malware and bypass Microsoft Word macro protection.
After the malicious document was opened, the malware downloaded a Visual Basic script from a specific address which connected to a Telegram account to get additional instructions.
Featured Resources
View More Resources
Validating Cloud Threat Detection with Wiz Defend and Cymulate
Cymulate-Wiz integration enables proven cloud threat detection by simulating real attacks and verifying Wiz Defend.
Kerberos Authentication Relay Via CNAME Abuse
A breakdown of Kerberos authentication relay using CNAME abuse and mitigation considerations.
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
A subtle Azure SSO token validation flaw allowed attackers to escalate privileges and move laterally across WAC-managed systems.