A Russia-linked attacker group has been distributing malicious emails disguised as containing images of Ukrainian prisoners of war (POWs) from the Kursk offensive, according to a report by the State Special Communications Service of Ukraine (SSSCIP). These deceptive emails, targeting Ukrainian recipients, claim to include photographs of captured soldiers. However, the attachments within these emails are actually archives loaded with SPECTR spyware and FIRMACHAGENT malware, according to Cyber News.
SPECTR spyware is designed to collect sensitive data from the infected systems, while FIRMACHAGENT malware works to exfiltrate this stolen information to a remote server controlled by the attackers. The Ukrainian authorities suspect that the group known as UAC-0020, also referred to as Vermin, is responsible for this attack. This group is believed to operate primarily from Luhansk, a city annexed by Russia in 2022.
To combat such threats, CERT-UA (the Computer Emergency Response Team of Ukraine) recommends several defensive measures. It advises restricting user permissions, for example by limiting admin-level rights, to reduce the potential impact of these attacks. It also suggests setting up policies that block the execution of certain files, such as .CHM files and powershell.exe, to further mitigate the risk.
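The two CERT-UA recommendations above can be expressed as deny rules and checked against process-creation telemetry before an execution-control policy (AppLocker or Software Restriction Policies) is enforced on hosts, which is useful for finding which accounts and workflows such a policy would break. The script below is an added example and is not code from the SSSCIP report or from CERT-UA; it assumes a simple event schema (user, parent image, image, command line), an assumed allowlist of accounts permitted to run PowerShell, and constructed sample events. It relies on the fact that .CHM files are opened by the Windows HTML Help viewer, hh.exe, so a child process spawned by hh.exe is also flagged.

```python
"""Simulate CERT-UA style deny rules over Windows process-creation events.

Added example, not from the original article. The event schema, the
admin allowlist and the sample events are constructed for illustration.
"""
import ntpath
from dataclasses import dataclass
from typing import List

# Assumed allowlist: accounts permitted to run PowerShell (constructed).
POWERSHELL_ALLOWED_USERS = {"CORP\\svc_admin"}

# Image names covered by the "block powershell.exe" recommendation.
POWERSHELL_IMAGES = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}

# hh.exe is the Windows HTML Help viewer that renders .CHM files.
CHM_HANDLER = "hh.exe"


@dataclass
class ProcessEvent:
    ts: str
    user: str
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    rule: str
    event: ProcessEvent


def _basename(path: str) -> str:
    # ntpath handles Windows-style paths even when run on POSIX.
    return ntpath.basename(path).lower()


def evaluate(events: List[ProcessEvent]) -> List[Finding]:
    """Return one Finding per violated rule, in event order."""
    findings: List[Finding] = []
    for ev in events:
        image = _basename(ev.image)
        parent = _basename(ev.parent_image)
        cmd = ev.command_line.lower()

        # Rule 1: block .CHM execution (the help viewer itself or any
        # command line that references a .chm file).
        if image == CHM_HANDLER or ".chm" in cmd:
            findings.append(Finding("deny-chm", ev))

        # Rule 2: block PowerShell for everyone outside the allowlist
        # (the "limit admin-level rights" recommendation applied to one binary).
        if image in POWERSHELL_IMAGES and ev.user not in POWERSHELL_ALLOWED_USERS:
            findings.append(Finding("deny-powershell", ev))

        # Detection: a help file should not spawn child processes at all.
        if parent == CHM_HANDLER:
            findings.append(Finding("chm-child-process", ev))
    return findings


# Constructed sample events (not real telemetry from the campaign).
SAMPLE_EVENTS = [
    ProcessEvent("2024-08-20T09:01:10Z", "CORP\\alice", r"C:\Windows\explorer.exe",
                 r"C:\Windows\hh.exe",
                 r'"C:\Windows\hh.exe" C:\Users\alice\Downloads\photos\photos.chm'),
    ProcessEvent("2024-08-20T09:01:12Z", "CORP\\alice", r"C:\Windows\hh.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r'powershell.exe -w hidden -c "<placeholder>"'),
    ProcessEvent("2024-08-20T09:05:00Z", "CORP\\bob", r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r'"WINWORD.EXE" report.docx'),
    ProcessEvent("2024-08-20T09:10:00Z", "CORP\\svc_admin", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -File C:\scripts\backup.ps1"),
]


def summarize(findings: List[Finding]) -> List[str]:
    """One human-readable line per finding, for a dry-run report."""
    return [f"{f.event.ts} {f.event.user} {f.rule} ({_basename(f.event.image)})"
            for f in findings]


if __name__ == "__main__":
    for line in summarize(evaluate(SAMPLE_EVENTS)):
        print(line)
```

Running this over real process-creation logs from an endpoint sensor, with the allowlist set to the accounts that legitimately need PowerShell, shows which users would be affected by the policy and surfaces the hh.exe-to-child-process chain that a CHM lure produces, so the same rules double as a detection while the enforcement policy is being rolled out.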
The context of these cyberattacks is tied to Ukraine’s ongoing conflict with Russia. On August 6th, Ukraine launched an offensive into Russia’s Kursk region, capturing numerous Russian-held settlements. This military push is seen as a strategic move that could potentially strengthen Ukraine’s negotiating position, as it may offer the possibility of trading captured Russian territories for those occupied by Russian forces within Ukraine.
The malicious campaign exploiting the sensitive issue of POWs highlights the increasing sophistication and psychological manipulation tactics employed in modern cyber warfare. As the conflict continues, both physical and digital battlegrounds are becoming increasingly intertwined, underscoring the critical need for robust cybersecurity measures in contemporary military and governmental operations.