What is the issue - Researchers from FireEye uncovered that the Ukrainian government and military are being targeted by an ongoing spear phishing campaign.
Why it matters - The spear phishing campaign drops a powerful backdoor dubbed ‘RATVERMIN’ as part of a second-stage payload delivered with the help of a PowerShell script.
Worth noting - Researchers suspect that the attackers behind the spear phishing campaign might be associated with the Luhansk People's Republic (LPR) group.
The big picture
Researchers noted that Ukrainian government departments have been targeted by the spear phishing campaign since 2014. However, the latest campaign was observed on January 22, 2019.
“This actor has likely been active since at least 2014, and its continuous targeting of the Ukrainian Government suggests a cyber espionage motivation. This is supported by the ties to the so-called LPR's security service,” FireEye researchers said.
The bottom line
“While cyber espionage is regularly leveraged as a tool of state power, this capability is not limited to states. Just as new state actors are consistently drawn to this practice, many substate actors will inevitably develop capabilities as well, especially those with the resources of a state sponsor or nominal control of territory,” John Hultquist, Director of Intelligence Analysis at FireEye, told ZDNet.