web analytics

Renewed Info Stealer Campaign Targets Ukrainian Military – Source: www.databreachtoday.com

Rate this post

Source: www.databreachtoday.com – Author: 1

Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime

CERT-UA Says Threat Actor ‘Vermin’ Used Syncthing Application

Akshaya Asokan (asokan_akshaya) •
June 6, 2024    

Renewed Info Stealer Campaign Targets Ukrainian Military
A U.S. HIMARS system launches ordnance during an exercise in Alaska in October 2020. (Image: U.S. Air Force)

Ukrainian cyber defenders said Russian intelligence hackers operating from the occupied Donbas city of Luhansk targeted military email inboxes with an info stealer.

See Also: Live Webinar | Digital Doppelgängers: The Dual Faces of Deepfake Technology

The Computer Emergency Response Team of Ukraine on Thursday said a group it tracks as UAC-0020 – also known as “Vermin” – deployed a malware strain dubbed “Spectr” as part of a spear-phishing campaign.

The phishing email appears to contain password-protected information about a gun turret. An attachment contains an archive folder with three files: a decoy PDF, an executable file and a batch file. The executable contains Spectr malware bundled with a modified version of Syncthing, a legitimate open-source, peer-to-peer synchronization application. The hackers made modifications that included disabling the user notifications of Syncthing.

The malware steals documents, files, passwords and other information – including data from the victims’ Telegram, Signal and Skype accounts – from the infected device while operating in the background.

The info stealer copies the exfiltrated data into a subfolder and transfers it using the file-sharing app.

CERT-UA called the campaign “no-so-successful,” dubbing it “SIckSync.” Ukraine said Vermin is an operation of Luhansk law enforcement agencies. That region of Ukraine operated with the support of Russian-backed paramilitaries as a breakaway state from 2014 until 2022, when Russia putatively annexed it.

Vermin’s last known operation was in March 2022, when Ukrainian cyber defenders said they detected a similar campaign deploying Spectr malware.

The Russia-Ukraine war is now in its third year. Russia in May opened a new battlefront in the Kharkiv region, and the Institute for the Study of War said on Wednesday that “Russian forces are attempting to make tactically and operationally significant gains” before renewed U.S. military assistance arrives at the front line at scale. U.S. President Joe Biden in May approved Ukrainian use of artillery to strike Russian forces in Russia. The New York Times reported Wednesday that a Ukrainian member of parliament said armed forces used that permission to destroy Russian missile launchers in the Belgorod region using an American High Mobility Artillery Rocket System.

Original Post url: https://www.databreachtoday.com/renewed-info-stealer-campaign-targets-ukrainian-military-a-25443

Category & Tags: –

Views: 5

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post