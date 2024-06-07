An espionage campaign named “SickSync” is using cyber attacks to target defense forces in Ukraine using a malware called SPECTR. The Computer Emergency Response Team of Ukraine (CERT-UA) has determined the actor behind these attacks to be a group called Vermin which is associated with security agencies of the Luhansk People’s Republic (LPR). The attacks are characterized by spear-phishing emails which contain a self-extracting archive file. SPECTR then takes screenshots every 10 seconds, harvests files, and gathers data from removable USB drives. Through this, the malware is able to steal credentials. The SickSync campaign marks the return of the Vermin group, which hasn’t been seen since March 2022.

