Russian hackers have a long history of going after organizations in Ukraine, but one group especially has tunnel vision for the former Soviet republic. And recently, it looks like those hackers returned with a new campaign targeting Ukrainian government officials, threat researchers say.
The campaign first appeared in January and ran through at least mid-March, Anomali said. Publication of the research coincides with escalating tensions between the two nations, with a Russian troop buildup along the Ukrainian border.
“This one is interesting because the alignment of real-world events is just another indication of potential hybrid warfare that Russia is known to engage in,” said Gage Mele, lead cyber threat intelligence analyst at Anomali.
Anomali said the latest campaign’s goals were unclear, because the remote template domains it used were down at the time of discovery.
The suspected Russian hackers capitalized on current events as part of the likely spearphishing attempts. One legitimate-appearing document in the campaign is a Bulgarian-themed dissertation, coming at a time when Bulgarian prosecutors charged six Bulgarian government officials with spying for Russia.
“It would not be unlikely to think that Primitive Bear was using Bulgaria-themed decoys before the media knew of the events, thus making the information more relevant to Ukrainian officials who knew what was transpiring,” the research reads.
And Anomali predicted that the hackers could re-use the malicious files to go after government officials in other countries, too.