Gazprom

Malware Profile Updated 3 months ago
Gazprom is the name given to a ransomware family built from the leaked Conti source code. It surfaced in reporting on newcomer groups that assemble "Frankenstein" ransomware from leaked source and leaked builders (see the source documents listed below); its most distinctive trait is a ransom note carrying ASCII art of Russia's president. Because the same reporting covers other new entrants that reuse the leaked LockBit 3.0 builder, among them the Bloody ransomware gang, this family is sometimes grouped with LockBit. That grouping reflects a shared pattern of leaked-code reuse, not evidence that Gazprom ransomware is a LockBit variant or that Bloody operates it, and the two lineages (Conti source versus LockBit builder) should be kept apart when attributing samples.

Most of the other material collected under this profile concerns the Russian energy company of the same name, not the malware, and should be read as a name collision:

The 1999 incident in which a trojan was reportedly planted in Gazprom's pipeline control network, giving intruders a foothold over gas-flow control, is an attack on the company's infrastructure. It predates this ransomware family by more than two decades and has no known connection to it.

The attacks on Gazprom, and the Gazprom Media report of attacks on its infrastructure, attributed to Ukraine's "IT army" amid the Russia-Ukraine war are disruptive attacks and data theft against the company as a target, not activity of this malware.

The list of Fortune 500 customers (Xerox, Samsung, Volkswagen, KIA, Gazprom, Vogue, PC Magazine) comes from Bitrix24's LinkedIn page, cited in reporting on a hacktivist attack on that Russian CRM provider. Gazprom appears there as a Bitrix24 customer; it is not a customer base served by the malware.

Gazprom's 2006 decision to cut gas supplies to Ukraine is a corporate and political action with no malware component.

What this profile does support is narrow: a Conti-derived ransomware strain named Gazprom, deployed by a low-sophistication entrant, identifiable by its Putin ASCII-art ransom note. The Conti overlap listed below is well grounded; the LockBit association rests only on the shared leaked-builder reporting.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Conti (2 votes):
Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ukraine
Russia
Locker
Ransom
Wagner
exploitation
Telegram
Exploit
Iran
Trojan
Youtube
Associated Malware
LockBit (type: unspecified; 2 votes):
LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Gazprom malware was read from the documents corpus below. This display is limited to 20 results.
Source (created): Title

CERT-EU (6 months ago): Armenia And Iran: A Vital Strategic Partnership – Analysis
CERT-EU (7 months ago): Ukrainian hacktivists claim attack on popular Russian CRM provider
CERT-EU (9 months ago): Amidst the ongoing war in Ukraine, Austria's economic and political ties with Russia hold firm
CERT-EU (9 months ago): Ukraine's IT army is a world first: Here's why it is an important part of the war
CERT-EU (a year ago): Hacking attack prompts Russian regional broadcasters to issue air alert warnings (National Cyber Security)
CERT-EU (a year ago): New Entrants to Ransomware Unleash Frankenstein Malware
CERT-EU (10 months ago): The President of Russia and the President of Uzbekistan made statements for the media
CERT-EU (10 months ago): Cyber Attacks Causes Global Environmental Catastrophes | Kovrr Blog
CERT-EU (a year ago): What Happens When Foreign Investment Becomes a Security Risk?
BankInfoSecurity (a year ago): Why Criminals Keep Reusing Leaked Ransomware Builders
CERT-EU (a year ago): Links 15/05/2023: Türkiye Runoff Foreseen in Presidential Election
CERT-EU (a year ago): Q2 2023 Internet disruption summary – GIXtools
DARKReading (a year ago): What Happened to #OpRussia?
CERT-EU (a year ago): Hackers Compromised the Russian Defense Satellite Communications Provider
CERT-EU (a year ago): New Hacking Group Takes Down Russian Telecom Satellite in Support of Prigozhin's Wagner Group
CERT-EU (a year ago): Hackers broadcast address by Ukraine's intelligence chief on Gazprom's Crimean radio station (National Cyber Security)
BankInfoSecurity (a year ago): New Entrants to Ransomware Unleash Frankenstein Malware
CERT-EU (a year ago): Following Prigozhin's Aborted Mutiny, What Will Happen To The Wagner Group? – Analysis
CERT-EU (a year ago): Hackers claim to take down Russian satellite communications provider
CERT-EU (a year ago): Feb 8: Buonasera Mag