
Russia-linked Vermin hackers target Ukraine with new malware strain

A pro-Russian hacker group known as Vermin is using lures related to Ukraine’s offensive across the border to infect devices with malware, according to a new report from Kyiv’s cyber agency. 

To deceive their victims into clicking on malicious emails, the hackers have been using images of alleged Russian war criminals from the Kursk region, which was recently invaded by Ukraine.

Vermin hackers are reportedly controlled by the law enforcement agencies of the so-called Luhansk People’s Republic (LPR), an unrecognized quasi-state in eastern Ukraine annexed by Russia in 2022. The group is believed to be acting on behalf of the Kremlin.

On Monday, Ukraine’s computer emergency response team (CERT-UA) said Vermin has deployed two malicious tools in this campaign — the previously known Spectr spyware and a new malware strain called Firmachagent.

Spectr can take screenshots of a victim's screen every 10 seconds, copy files with certain extensions, and steal data from messengers and internet browsers. Vermin has previously used Spectr to spy on Ukraine’s defense enterprises and armed forces.

The Firmachagent malware is used to upload stolen data to the hackers’ server, according to CERT-UA. The report doesn’t mention how many computers were infected by Vermin or how successful the attacks have been.

Last week, the Ukrainian Security Service (SBU) warned that the Kremlin was spreading fake news about Ukraine’s military activities in the Kursk region, accusing Ukrainian soldiers of war crimes. The SBU also said that Russia may resort to staging war crimes, particularly scenarios involving civilians in the Kursk region.

The assault on Kursk is one of Ukraine’s biggest offensives since the start of the full-scale war almost three years ago.

Following the attack, Kursk state officials reported that the region’s government and business websites, as well as critical infrastructure services, were hit by a “massive” distributed denial-of-service (DDoS) attack. Russia has also warned of Ukraine’s disinformation campaigns targeting Kursk.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.