iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Luhansk-based hackers known as Vermin have renewed a malicious cyber campaign after two years of inactivity.
Ukraine’s computer emergency response team, CERT-UA, has released details of a renewed info-stealing campaign targeting the country’s armed forces.
According to CERT-UA, the threat actor is a group known as Vermin, or UAC-0020, which is directed by members of “law enforcement agencies” in Luhansk, which is currently occupied by Russian armed forces.
Vermin – which has not been observed since 2022 – is currently deploying a malware strain known as Spectr via a phishing campaign.
An initial email is sent to a victim that contains a decoy PDF alongside a legitimate but modified version of the peer-to-peer synchronisation app SyncThing in a password-protected archive. The SyncThing executable is altered to change the names of directories and to not display alerts.
The Spectr malware contains several components that steal data from web browsers, messaging apps such as Telegram and Signal, and a wide range of file types. It also takes screenshots every 10 seconds if the active window displays content in Word, Excel, Office and other widely used applications.
CERT-UA has called the campaign SyncThing and considers the entire operation to be “not-so-successful”.
The Luhansk People’s Republic was declared in 2014 when pro-Russian forces formed a breakaway state in 2014, which was then annexed by Russia in 2022.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
