The pro-Russian hacker group "Parasites" has resumed its activities after a two-year hiatus and has once again targeted Ukrainian military personnel as part of a new espionage operation, reports The Record.
According to CERT-UA, the group, allegedly under the control of the LPR (Luhansk People’s Republic) security forces, is believed to be behind this campaign.
In their latest operation, analyzed by the Ukrainian CERT-UA, the "Parasites" focused on Ukrainian military personnel to steal confidential information. They utilized known malware called Spectr and legitimate software SyncThing to deliver tools to victims' computers through phishing emails with malicious archives protected by passwords.
Spectr is flexible and adaptable malware that can take screenshots of the victim's screen every 10 seconds, copy files, and steal authentication data from messengers and web browsers. SyncThing, on the other hand, was used to exfiltrate stolen information from victims' computers to hackers' servers.
Earlier this week, it was reported that the Ministry of Defense of Ukraine and a military base were targeted by hackers known as Ghostwriter, and a cyberattack on Ukrainian military personnel using DarkCrystal malware was detected.
