Starting in early 2019, Ukrainian government entities have been targeted by a spear-phishing campaign that appears to be a cyber espionage campaign emanating from the Luhansk People’s Republic (LPR).
LPR is a proto-state. It is a region in eastern Ukraine that declared independence following the 2014 Ukrainian revolution. It is not recognized as a sovereign state by any member country of the UN. The Ukrainian government describes LPR as a ‘temporarily occupied territory’, and its government as an ‘occupying administration of the Russian Federation’.
FireEye has discovered a new spear-phishing campaign that it believes is a continuation of ongoing activity probably coming from LPR and aimed against the Ukrainian government. It believes that such activity dates to 2014.
In January 2018, Palo Alto Networks (PAN) discussed “a modestly sized campaign going back to late 2015 using both Quasar RAT and RAT VERMIN.” While PAN provides no attribution and doesn’t mention LPR, this is