Gazprom

Malware Profile Updated 25 days ago
Gazprom, named after the Russian gas giant, is malicious software (malware) that has been causing significant disruption in the digital world. The malware uses leaked Conti source code and is often mistaken for the LockBit crypto-locker because of its similar operational style. This confusion is compounded by the fact that it is employed by various unaffiliated criminal entities such as the Bloody Ransomware Gang. Gazprom malware first gained notoriety in 1999 when it was used in a cyber-attack against the Gazprom company itself, in which a trojan horse was installed on the network of the company's pipeline system, severely impacting control over gas flow. The Gazprom malware has recently been leveraged in high-profile cyber-attacks, particularly amid the conflict between Ukraine and Russia. Ukraine's newly formed "IT army" has been instrumental in launching disruptive cyber-attacks and data thefts against the Russian government and other high-profile targets, including Gazprom. In response, Gazprom Media reported that its infrastructure had been attacked, indicating an escalation in cyber-warfare tactics. The malware has also been used in ransomware attacks, with victims receiving a ransom note featuring ASCII art of Russia's president. Gazprom malware's activities are not limited to political or military contexts. It has also infiltrated the commercial sector, serving customers from Fortune 500 companies, including Xerox, Samsung, Volkswagen, KIA, Gazprom, Vogue, and PC Magazine, according to Bitrix24's LinkedIn page. This broad range of targets underscores the significant threat posed by Gazprom malware to both public and private sectors worldwide. The malware's use in politically motivated decisions, such as Gazprom's 2006 move to cut gas supplies to Ukraine, further highlights the potential for this malware to be exploited for geopolitical gain.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Conti | 2 | Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malicious software has been used in conjunction with other forms of malware such as Trickbot, BazarLoader, IcedID, and Cobalt S
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ukraine
Russia
Ransom
Locker
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | Unspecified | 2 | LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Gazprom malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | a year ago | IT Army of Ukraine gained access to 1.5GB archive from Gazprom
CERT-EU | a year ago | Feb 8: Buonasera Mag
CERT-EU | 7 months ago | Ukraine's IT army is a world first: Here's why it is an important part of the war
CERT-EU | a year ago | Poland's Threat Assessment: Deepened, Not Changed – Analysis
CERT-EU | a year ago | Links 15/05/2023: Türkiye Runoff Foreseen in Presidential Election
BankInfoSecurity | 9 months ago | Why Criminals Keep Reusing Leaked Ransomware Builders
CERT-EU | 5 months ago | Ukrainian hacktivists claim attack on popular Russian CRM provider
CERT-EU | 8 months ago | Cyber Attacks Causes Global Environmental Catastrophes | Kovrr Blog
CERT-EU | a year ago | Hacking attack prompts Russian regional broadcasters to issue air alert warnings | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU | a year ago | New Entrants to Ransomware Unleash Frankenstein Malware
CERT-EU | 8 months ago | The President of Russia and the President of Uzbekistan made statements for the media
CERT-EU | a year ago | Hackers broadcast address by Ukraine's intelligence chief on Gazprom's Crimean radio station | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU | 10 months ago | Q2 2023 Internet disruption summary – GIXtools
CERT-EU | a year ago | Hackers Compromised the Russian Defense Satellite Communications Provider
CERT-EU | a year ago | Hackers claim to take down Russian satellite communications provider
BankInfoSecurity | a year ago | New Entrants to Ransomware Unleash Frankenstein Malware
CERT-EU | 9 months ago | Why Criminals Keep Reusing Leaked Ransomware Builders
DARKReading | a year ago | What Happened to #OpRussia?
CERT-EU | 9 months ago | What Happens When Foreign Investment Becomes a Security Risk?
CERT-EU | a year ago | Following Prigozhin's Aborted Mutiny, What Will Happen To The Wagner Group? – Analysis