Following a two-year hiatus, the pro-Russian hacker group Vermin has reemerged, launching a new espionage campaign targeting Ukraine’s military, according to a new report.
Vermin, allegedly acting on behalf of the Kremlin and controlled by the unrecognized Luhansk People’s Republic (LPR) located in eastern Ukraine, deployed sophisticated malware and legitimate software in a targeted cyber espionage operation against Ukraine’s military. The group aimed to steal sensitive information, including screenshots, authentication data from messaging apps, and browsing histories, from Ukrainian military devices using tools like Spectr malware and SyncThing.
In March 2022, CERT-UA warned of Vermin's use of Spectr malware to target Ukrainian government infrastructure. On June 4, 2024, cybersecurity firm Cyble revealed that Ukraine’s Ministry of Defence and a military base were targeted in attacks orchestrated by Belarusian state-sponsored hackers identified as Ghostwriter.
According to cybersecurity experts and Ukraine's CERT-UA: "In their latest campaign, Vermin used sophisticated tactics, including phishing emails and advanced malware, to compromise Ukrainian military systems."
Electronic espionage tactics like those used by Vermin underscore the ongoing cybersecurity challenges amid geopolitical tensions in Eastern Europe. Understanding the methods and tools of such groups helps strengthen cyber defenses.
This resurgence shows the persistent threat of cyber warfare and espionage targeting national defense and security infrastructure. Mitigating such threats requires enhanced cybersecurity measures and international cooperation.
State-sponsored cyber attacks are malicious activities orchestrated or supported by governments or state entities to infiltrate, disrupt, or obtain sensitive information from targeted entities, such as governments, organizations, or individuals.
Organizations can defend against state-sponsored cyber attacks by implementing cybersecurity measures, such as regular security assessments, employee training on phishing and other cyber threats, multi-factor authentication, and keeping software and systems up to date with the latest patches.
Cybersecurity in healthcare protects sensitive patient information, maintains the integrity of medical records, ensures uninterrupted healthcare services, and safeguards against ransomware attacks that can disrupt patient care and compromise patient safety.