
Pro-Russia Hackers Attack Ukrainian Military: Report

Ukrainian soldiers sit on an armored military vehicle. Photo: Fadel Senna/AFP

Ukraine is investigating a digital breach involving a pro-Russian cyber group targeting the armed forces.

An analysis published by the Ukrainian government’s Computer Emergency Response Team (CERT-UA) explained that the actors employed “Spectr,” a malware program hidden in legitimate programs to steal critical data including files and passwords.

The report stated that Spectr was concealed in SyncThing, software designed to synchronize files between devices across local or remote networks.

According to CERT-UA, such an attack is typically facilitated with a decoy PDF file, an EXE installation launcher containing the virus, and a BAT file to run associated commands on the compromised device.

This tactic enables the change of a user’s directory names, calendars, and notifications.

Spectr can also copy information from removable USB devices, social media applications, and internet browsers.

Additionally, the virus can take images of a victim’s screen every 10 seconds when triggered by projected words such as “mail” and “drive.”

From Luhansk People’s Republic

CERT-UA said that the group involved in the incidents was Vermin, a hacking group that gained notoriety following Russia’s invasion of Ukraine in 2022.

The entity is known to operate under the Luhansk People’s Republic, a council backed by Moscow in the occupied eastern territories of Ukraine.

An event related to Vermin was recorded in 2022, which saw the distribution of the Spectr malware across emails affiliated with the Ukrainian Ministry of Defense and other state agencies.

Securing Digital Capabilities

CERT-UA urged users to implement measures against Vermin, Spectr, and other digital threats.

The agency also recommended monitoring interactions with the SyncThing infrastructure and its corresponding “.syncthing.net” domains.
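The monitoring CERT-UA recommends can be sketched as a check over DNS query logs. The following is an added example, not code from CERT-UA or the article; the log format, client addresses, and hostnames are constructed, and the `approved` set of hosts permitted to run SyncThing is an assumption.

```python
from collections import defaultdict

SUFFIX = "syncthing.net"  # domain named in the CERT-UA recommendation

# Constructed sample DNS query log: "<timestamp> <client_ip> <queried_name>"
SAMPLE_LOG = """\
2024-06-05T08:01:12Z 10.0.4.17 relay-a.syncthing.net.
2024-06-05T08:01:13Z 10.0.4.17 discovery-a.syncthing.net
2024-06-05T08:02:40Z 10.0.4.22 www.example.org
2024-06-05T08:03:05Z 10.0.9.8 Upgrades-A.SyncThing.NET
2024-06-05T08:04:51Z 10.0.4.22 syncthing.net.example.org
2024-06-05T08:05:30Z 10.0.4.30 notsyncthing.net
malformed line
"""

def is_syncthing_name(name):
    """True only for syncthing.net itself or a real subdomain of it."""
    n = name.strip().rstrip(".").lower()  # drop root dot, ignore case
    # Matching on a label boundary rejects look-alikes such as
    # "notsyncthing.net" and "syncthing.net.example.org".
    return n == SUFFIX or n.endswith("." + SUFFIX)

def flag_clients(log_text, approved=frozenset()):
    """Map each unapproved client to the syncthing.net names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:  # skip lines that do not fit the format
            continue
        _ts, client, name = parts
        if is_syncthing_name(name) and client not in approved:
            hits[client].add(name.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in sorted(flag_clients(SAMPLE_LOG).items()):
        print(client, ", ".join(names))
```
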

“In order to minimize the likelihood of cyber threats, we urge the persons responsible for the cyber security of the Armed Forces to immediately contact the Cyber Security Center of the Armed Forces for the purpose of obtaining and further installation on all computers without exception appropriate protection technologies,” the agency said.

“In addition, please make sure that there are settings on edge network devices for transmission of network connection.”
