Russia-linked Vermin hackers target Ukraine with new malware strain

A pro-Russian hacker group known as Vermin is using lures related to Ukraine’s offensive across the border to infect devices with malware, according to a new report from Kyiv’s cyber agency. 

To deceive their victims into clicking on malicious emails, the hackers have been using images of alleged Russian war criminals from the Kursk region, which was recently invaded by Ukraine.

Vermin hackers are reportedly controlled by the law enforcement agencies of the so-called Luhansk People’s Republic (LPR), an unrecognized quasi-state in eastern Ukraine annexed by Russia in 2022. The group is believed to be acting on behalf of the Kremlin.

On Monday, Ukraine’s computer emergency response team (CERT-UA) said Vermin has deployed two malicious tools in this campaign — the previously known Spectr spyware and a new malware strain called Firmachagent.

Spectr can take screenshots of a victim’s screen every 10 seconds, copy files with certain extensions, and steal data from messengers and internet browsers. Vermin has previously used Spectr to spy on Ukraine’s defense enterprises and armed forces.

The Firmachagent malware is used to upload stolen data to the hackers’ server, according to CERT-UA. The report doesn’t mention how many computers were infected by Vermin or how successful the attacks have been.

Last week, the Ukrainian Security Service (SBU) warned that the Kremlin was spreading fake news about Ukraine’s military activities in the Kursk region, accusing Ukrainian soldiers of war crimes. The SBU also said that Russia may resort to staging war crimes, particularly scenarios involving civilians in the Kursk region.

The assault on Kursk is one of Ukraine’s biggest offensives since the start of the full-scale war almost three years ago.

Following the attack, Kursk state officials reported that the region’s government and business websites, as well as critical infrastructure services, were hit by a “massive” distributed denial-of-service (DDoS) attack. Russia has also warned of Ukraine’s disinformation campaigns targeting Kursk.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
