Researchers believe hackers from the breakaway Luhansk People’s Republic (LPR) may be behind a spear phishing-based malware campaign that’s been actively targeting the Ukrainian government.
The researchers, from FireEye, disclosed their assessment following their investigation into a malware-laced email that they were able to tie back to a 2018 phishing campaign designed to deliver custom cyber espionage malware called RATVERMIN, aka Vermin. But based on an analysis of malware compilation times and domain resolutions, the group behind these attacks may have been active since as far back as 2014.
Though not officially recognized as its own state, the LPR declared independence from Ukraine in the aftermath of the 2014 Ukrainian revolution, and remains in conflict with Kiev.
In a blog post published today, FireEye reports that the offending email, sent on Jan. 22, impersonated the UK-based defense manufacturer Armtrac. The supposed sender, who identifies himself as executive manager Alex