Russia-linked Vermin hackers target Ukraine with new malware strain

A pro-Russian hacker group known as Vermin is using lures related to Ukraine’s offensive across the border to infect devices with malware, according to a new report from Kyiv’s cyber agency. 

To deceive their victims into clicking on malicious emails, the hackers have been using images of alleged Russian war criminals from the Kursk region, which was recently invaded by Ukraine.

Vermin hackers are reportedly controlled by the law enforcement agencies of the so-called Luhansk People’s Republic (LPR), an unrecognized quasi-state in eastern Ukraine annexed by Russia in 2022. The group is believed to be acting on behalf of the Kremlin.

On Monday, Ukraine’s computer emergency response team (CERT-UA) said Vermin has deployed two malicious tools in this campaign — the previously known Spectr spyware and a new malware strain called Firmachagent.

Spectr can take screenshots of a victim’s screen every 10 seconds, copy files with certain extensions, and steal data from messengers and internet browsers. Vermin has previously used Spectr to spy on Ukraine’s defense enterprises and armed forces.

The Firmachagent malware is used to upload stolen data to the hackers’ server, according to CERT-UA. The report doesn’t mention how many computers were infected by Vermin or how successful the attacks have been.

Last week, the Ukrainian Security Service (SBU) warned that the Kremlin was spreading fake news about Ukraine’s military activities in the Kursk region, accusing Ukrainian soldiers of war crimes. The SBU also said that Russia may resort to staging war crimes, particularly scenarios involving civilians in the Kursk region.

The assault on Kursk is one of Ukraine’s biggest offensives since the start of the full-scale war almost three years ago.

Following the attack, Kursk state officials reported that the region’s government and business websites, as well as critical infrastructure services, were hit by a “massive” distributed denial-of-service (DDoS) attack. Russia has also warned of Ukraine’s disinformation campaigns targeting Kursk.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
