GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A new threat actor, GamaCopy, is mimicking the tactics of the Gamaredon hacking group in cyber attacks targeting Russian entities. GamaCopy uses military facility-related content as lures to drop UltraVNC, enabling remote access to compromised hosts. This activity shares similarities with Core Werewolf campaigns, including the use of 7z-SFX files and port 443 for server connections.