Russian, Ukraine-themed war lure of choice for cyber espionage

By Shannon Williams
Fri 8 Apr 2022

Russian and Ukraine-themed war documents have become the lure of choice for cyber espionage, according to a new analysis from Check Point Research.

Check Point Research (CPR), the threat intelligence arm of Check Point Software, has identified three APT groups, El Machete, Lyceum and SideWinder, running spear-phishing campaigns in five countries.

CPR counts victims in Nicaragua, Venezuela, Israel, Saudi Arabia and Pakistan. Victims identified span government, financial and energy sectors.

The cybersecurity firm continues to see a rise in overall cyberattacks on both Ukraine and Russia, +39% and +22% respectively, since the beginning of the war.

According to CPR, the attackers used decoys ranging from official-looking documents, to news articles and job postings. After examining the lure documents, CPR found malware capable of keylogging, screenshotting and executing commands. 

CPR believes the motivation behind these recent cyber espionage campaigns is to steal sensitive information from governments, banks, and energy companies. 

"Right now, we are seeing a variety of APT campaigns that utilise the current war for malware distribution," says Sergey Shykevich, threat intelligence group manager at Check Point Software.

"The campaigns are highly targeted and sophisticated, focusing on victims in the government, financial and energy sectors. In our newest report, we profile and bring examples from three different APT groups, who all originate in different parts of the world, that we caught orchestrating these spear-phishing campaigns," he says. 

"We studied the malware involved closely, and found capabilities that span keylogging, screenshotting and more. It is my strong belief that these campaigns are designed with the core motivation of cyber espionage," Shykevich says. 

"Our findings reveal a clear trend, that collateral around the war between Russia and Ukraine has become a lure of choice for threat groups world-wide," he adds. 

"I strongly recommend governments, banks and energy companies to reiterate cyber awareness and education to employees, and to implement cybersecurity solutions that protect the network on all levels."

Malware Capabilities

CPR studied the malware deployed by each of the three APT groups specifically for these cyber espionage activities. Capabilities include:

  • Keylogging: steals everything you enter using the keyboard 
  • Credential collection: collects credentials stored in Chrome and Firefox browsers
  • File collection: collects information about the files on each drive, including file names and file sizes, allowing theft of specific files
  • Screenshotting
  • Clipboard data collection
  • Command execution

Attack Methodologies

El Machete

  • Spear-phishing email with text about Ukraine
  • Attached Word document with article about Ukraine
  • Malicious macro inside the document drops a sequence of files
  • Malware downloaded to the PC

Lyceum

  • Email with content about war crimes in Ukraine and link to malicious document hosted on a website
  • The document executes macro code when the document is closed
  • Exe file is saved to the PC
  • Next time you restart your PC the malware runs

SideWinder

  • Malicious document is opened by the victim
  • When it’s opened, the document retrieves a remote template from an actor-controlled server
  • The external template that’s downloaded is an RTF file that exploits the CVE-2017-11882 vulnerability
  • Malware on the PC of the victim

According to CPR, El Machete was spotted sending spear-phishing emails to financial organisations in Nicaragua, with an attached Word document titled “Dark plans of the neo-Nazi regime in Ukraine.” The document contained an article written and published by Alexander Khokholikov, the Russian ambassador to Nicaragua, that discussed the Russo-Ukrainian conflict from the perspective of the Kremlin.

In mid-March, an Israeli energy company received an email from the address inews-reporter@protonmail[.]com with the subject “Russian war crimes in Ukraine.” The email contained a few pictures taken from public media sources and a link to an article hosted on the news-spot[.]live domain. The link in the email leads to a document which contains the article “Researchers gather evidence of possible Russian war crimes in Ukraine” published by The Guardian. The same domain hosts a few more malicious documents related to Russia as well as the Russia-Ukraine war, such as a copy of an article by The Atlantic Council from 2020 on Russian nuclear weapons, and a job posting for an “Extraction / Protective Agent” in Ukraine.

CPR says SideWinder’s malicious document, which also exploits the Russia-Ukraine war, was uploaded to VirusTotal in mid-March. Judging by its content, the intended targets are Pakistani entities; the bait document contains the document of the National Institute of Maritime Affairs of Bahria University in Islamabad, and is titled “Focused talk on Russian Ukraine Conflict Impact on Pakistan.” This malicious document uses remote template injection. When it’s opened, the document retrieves a remote template from an actor-controlled server.

Latest Overall Cyber Attack Numbers on Ukraine, Russia and NATO Countries

Recently, Check Point Research (CPR) released an update on cyberattack trends throughout the current Russia-Ukraine war. One month after the war started on 24th February 2022, both Russia and Ukraine saw increases in cyber-attacks of 10% and 17% respectively. CPR has also observed a 16% increase in cyber-attacks globally throughout the current conflict. CPR also shared cyber-attack data for NATO countries, regions and more.
