Gazprom

Malware updated 7 months ago (2024-05-04T20:43:18.322Z)
Gazprom is a ransomware family (a crypto-locker) named after the Russian gas company of the same name. It is built from the leaked Conti source code, and because its operational style closely resembles LockBit it is frequently misattributed to that family. The confusion is compounded by the builder being used by several unaffiliated criminal groups, among them the Bloody Ransomware Gang. Victims receive a ransom note featuring ASCII art of Russia's president, and the family has surfaced in attacks set against the backdrop of the war between Russia and Ukraine.

Much of the remaining reporting gathered under this name concerns the gas company Gazprom rather than the malware, and the two should not be conflated. That reporting includes: a 1999 incident in which a trojan horse was installed on the network of Gazprom's pipeline control system, affecting control over gas flow; disruptive attacks and data theft against the Russian government and other high-profile Russian targets, including Gazprom, carried out by Ukraine's newly formed volunteer "IT army", after which Gazprom Media reported that its infrastructure had been attacked; Bitrix24's LinkedIn page listing Gazprom alongside Xerox, Samsung, Volkswagen, KIA, Vogue and PC Magazine as customers (a customer list of the company, not a list of ransomware victims); and Gazprom's 2006 decision to cut gas supplies to Ukraine, which is a political act by the company, not malware activity. When triaging indicators or reports tagged "Gazprom", check whether the source describes the ransomware, the company as a target, or the company as an actor before attributing anything to this family.
Description last updated: 2024-05-04T16:23:06.663Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track between vendors, so the following are possible overlapping names or profiles worth reviewing.

Alias: Conti (2 votes)
Conti is a possible alias for Gazprom. Conti is ransomware: it infiltrates systems, encrypts or exfiltrates data, and holds it hostage for ransom. It commonly spreads through malicious downloads, emails or websites, and can steal personal information and disrupt operations. Notably, Conti was linked to several ra
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ukraine
Russia
Ransom
Locker
Associated Malware

Alias: LockBit (association type: Unspecified; 2 votes)
LockBit is associated with Gazprom. LockBit is ransomware known for its damaging and extortionate behaviour. It infiltrates systems via malicious downloads, emails or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit
Source Document References
Information about the Gazprom malware was read from the documents corpus below; this display is limited to 20 results. Only the publisher and the approximate age of each document were captured, not titles or links.

Publisher, count, age at time of capture:
CERT-EU, 17 documents, between 10 months and 2 years old
BankInfoSecurity, 2 documents, about a year old
DARKReading, 1 document, about 2 years old