{"id":35460,"date":"2020-06-11T16:30:10","date_gmt":"2020-06-11T16:30:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/russia-linked-gamaredon-hacker-crew-using-microsofts-visual-basic-for-applications-to-pwn-microsofts-outlook\/"},"modified":"2020-06-11T16:30:10","modified_gmt":"2020-06-11T16:30:10","slug":"russia-linked-gamaredon-hacker-crew-using-microsofts-visual-basic-for-applications-to-pwn-microsofts-outlook","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/russia-linked-gamaredon-hacker-crew-using-microsofts-visual-basic-for-applications-to-pwn-microsofts-outlook\/","title":{"rendered":"Russia-linked Gamaredon hacker crew using Microsoft&#8217;s Visual Basic for Applications to pwn Microsoft&#8217;s Outlook"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/10\/11\/outlook_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Security researchers claim to have uncovered &#8220;several previously undocumented post-compromise tools&#8221; used by a Russia-linked APT to target Microsoft Office and Outlook through Visual Basic for Applications.<\/p>\n<p>In a statement about its findings, Slovakian infosec biz ESET said the tools &#8220;inject malicious macros or references to remote templates into existing documents on the attacked system, which is a very efficient way of moving within an organization&#8217;s network, as documents are routinely shared amongst colleagues.&#8221;<\/p>\n<p>The Gamaredon hacking crew is said to be targeting Outlook through Visual Basic for Applications (VBA), allowing attackers to access the target account&#8217;s contact book so they can forward phishing emails to a new batch of potential victims.<\/p>\n<p>&#8220;While abusing a compromised mailbox to send malicious emails without the victim&#8217;s consent is not a new technique, we believe this is the first publicly documented case of an attack group using an OTM file and Outlook macro to 
achieve it,&#8221; said researcher Jean-Ian Boutin. &#8220;We were able to collect numerous different samples of malicious scripts, executables and documents used by the Gamaredon group throughout their campaigns.&#8221;<\/p>\n<p>To compromise Outlook, the malware runs a Visual Basic script that kills the Outlook system process before changing Windows registry values to strip away security settings preventing VBA macro execution, said ESET. It then fires up Outlook and loads its malicious VBA project.<\/p>\n<p>Gamaredon has been an active APT crew since 2013, initially known for targeting Ukrainian government institutions. More recently it has been caught jumping aboard the COVID-19 pandemic to spread its malware, as Trend Micro <a target=\"_blank\" href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/gamaredon-apt-group-use-covid-19-lure-in-campaigns\/\" rel=\"noopener noreferrer\">said in April<\/a>.<\/p>\n<p>Ukrainian security forces have previously attributed Gamaredon&#8217;s activities to the 16th and 18th divisions of Russia&#8217;s FSB spy agency, under a previous Western name of Operation Armageddon. The NATO Association of Canada, in a paper examining Russian disinformation and disruption operations in Ukraine, reaffirmed that link <a target=\"_blank\" href=\"http:\/\/natoassociation.ca\/phishing-on-the-dnieper-russian-offensive-cyber-operations-in-ukraine\/\" rel=\"noopener noreferrer\">earlier this year<\/a>.<\/p>\n<p>VBA has thrown up the odd surprise over the years, malware aside. Back in 2016 an evidently bored chap <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2016\/09\/08\/slow_day_inspires_excelvba_instant_messaging_app\/\" rel=\"noopener noreferrer\">created an Excel-based peer-to-peer instant messaging project using VBA<\/a>. 
\u00ae<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From targeting Ukraine to random mailboxes: how the mighty have fallen Security researchers claim to have uncovered &#8220;several previously undocumented post-compromise tools&#8221; used by a Russia-linked APT to target Microsoft Office and Outlook through Visual Basic for Applications.\u2026<\/p>\n","protected":false},"author":2,"featured_media":35461,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-35460","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35460"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35460\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/35461"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}