FutureFive New Zealand logo
Consumer technology news from the future
Story image

Russian, Ukraine-themed war lure of choice for cyber espionage

By Shannon Williams
Fri 8 Apr 2022

Russian and Ukraine-themed war documents have become the lure of choice for cyber espionage, according to a new analysis from Check Point Research.

Check Point Research, the threat intelligence arm of Check Point Software, has named three APT groups, named El Machete, Lyceum and SideWinder, found to be running spear-phishing campaigns in five countries.

CPR counts victims in Nicaragua, Venezuela, Israel, Saudi Arabia and Pakistan. Victims identified span government, financial and energy sectors.

The cybersecurity firm continues to see a rise in overall cyberattacks on both Ukraine and Russia, +39% and +22% respectively, since the beginning of war

According to CPR, the attackers used decoys ranging from official-looking documents, to news articles and job postings. After examining the lure documents, CPR found malware capable of keylogging, screenshotting and executing commands. 

CPR believes the motivation behind these recent cyber espionage campaigns is to steal sensitive information from governments, banks, and energy companies. 

“Right now, we are seeing a variety of APT campaigns that utilises the current war for malware distribution," says Sergey Shykevich, threat ontelligence group manager at Check Point Software.

"The campaigns are highly targeted and sophisticated, focusing on victims in the government, financial and energy sectors. In our newest report, we profile and bring examples from three different APT groups, who all originate in different parts of the world, that we caught orchestrating these spear-phishing campaigns," he says. 

"We studied the malware involved closely, and found capabilities that span keylogging, screenshotting and more. It is my strong belief that these campaigns are designed with the core motivation of cyber espionage," Shykevich says. 

"Our findings reveal a clear trend, that collateral around the war between Russia and Ukraine has become a lure of choice for threat groups world-wide," he adds. 

"I strongly recommend governments, banks and energy companies to reiterate cyber awareness and education to employees, and to implement cybersecurity solutions that protect the network on all levels.”

Malware Capabilities

CPR studied the malware laced by each of the three APT groups, specifically for these cyber espionage activities. Capabilities include:

  • Keylogging: steals everything you enter using the keyboard 
  • Credential collection: collects credentials stored in Chrome and Firefox browsers
  • File collection: collects information about the files on each drive and collect file names and file sizes, allowing theft of specific files
  • Screenshotting
  • Clipboard data collection
  • Command execution

Attack Methodologies

El Machete

Spear-phishing email with text about Ukraine
Attached Word document with article about Ukraine
Malicious macro inside the document drops a sequence of files
Malware downloaded to the PC
 
Lyceum

Email with content about war crimes in Ukraine and link to malicious document hosted on a website
The document executes a macro code when the document is closed
Exe file is saved to the PC
Next time you restart your PC the malware runs
 
SideWinder

Malicious document is opened by the victim
When it’s opened, the document retrieves a remote template from an actor-controlled server
The external template that’s downloaded is an RTF file, that exploits the CVE-2017-11882 vulnerability
Malware on the PC of the victim

According to CPR, El Machete was spotted sending spear-phishing emails to financial organisations in Nicaragua, with an attached Word document titled “Dark plans of the neo-Nazi regime in Ukraine.” The document contained an article written and published by Alexander Khokholikov, the Russian ambassador to Nicaragua that discussed the Russo-Ukrainian conflict from the perspective of the Kremlin.

In mid-March, an Israeli energy company received an email from the address inews-reporter@protonmail[.]com with the subject “Russian war crimes in Ukraine.” The email contained a few pictures taken from public media sources and contained a link to an article hosted on the news-spot[.]live domain. The link in the email leads to a document which contains the article “Researchers gather evidence of possible Russian war crimes in Ukraine” published by The Guardian. The same domain hosts a few more malicious documents related Russia as well as the Russia-Ukraine war, such as a copy of an article by The Atlantic Council from 2020 on Russian nuclear weapons, and a job posting for an “Extraction / Protective Agent” agent in Ukraine.

CPR says SideWinder’s malicious document, which also exploits the Russia-Ukraine war, was uploaded to VirusTotal in mid-March. Judging by its content, the intended targets are Pakistani entities; the bait document contains the document of the National Institute of Maritime Affairs of Bahria University in Islamabad, and is titled “Focused talk on Russian Ukraine Conflict Impact on Pakistan.” This malicious document uses remote template injection. When it’s opened, the document retrieves a remote template from an actor-controlled server.

Latest Overall Cyber Attack Numbers on Ukraine, Russia and NATO Countries

Recently, Check Point Research (CPR) released an update on cyberattack trends throughout the current Russia-Ukraine war. One month after the war started on 24th February 2022, both Russia and Ukraine saw increases in cyber-attacks of 10% and 17% respectively. CPR has also observed a 16% increase in cyber-attacks globally throughout the current conflict. CPR shared cyber-attack data for NATO countries, regions and more here.  

Related stories
Top stories
Story image
Malware
Research shows attacks on the gaming industry are getting worse
Web application attacks in the gaming sector have grown by 167% from Q1 2021 to Q1 2022, according to new research from Akamai.
Story image
Phishing
Norton research finds NZ threat landscape diversifying on social media
Norton's quarterly report has highlighted the seriousness of the threat landscape in New Zealand.
Story image
Tablets & laptops
Hands-on review: Xencelabs Graphic Display Tablet
Xencelabs seemed to show up out of nowhere on the market. I had no idea who they were or what they were about, but I was very intrigued.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
Gaming
Chorus announces Hyperfibre sponsorship deal with NZ Esports
Chorus has put its support behind New Zealand's Esports community with a newly announced three-year Hyperfibre sponsorship deal with NZ Esports.
Story image
Wireless
Hands-on review: James Donkey RS4 Knight Wireless Gaming Keyboard
I have always liked mechanical keyboards, and this is no exception. I find the action much easier to use than the modern keyboards with limited travel.
Story image
Printers
Comedy legend Jimeoin fronts Epson advertising campaign in NZ and Australia
According to Epson the company’s EcoTank models now account for 74% of all printers sold in the category in New Zealand, alone.
Story image
Gaming
Logitech G’s new Aurora collection looks to help change gaming stereotypes
The company’s new Aurora collection is designed to be gender inclusive, not gender exclusive, addressing the needs and wants of women gamers while also still appealing to a wider general audience.
Story image
Projector
Hands-on review: BenQ GV30 portable projector
The BenQ GV30 is a portable projector that excels in many aspects but comes up short in a couple of others.
Story image
Gaming
Hands-on review: SteelSeries Apex Pro Mini Keyboard
SteelSeries has taken the design of its range of Apex keyboards to create a smaller version, the Apex Pro Mini. Techday’s Darren Price checks it out.
Story image
Wireless
Wave Audio delivers ultimate immersion with new wireless earbuds
Wave Audio, one of Australia's best new audio brands, has recently released a set of landmark noise-cancelling true wireless earbuds, the Immersive Pro.
Story image
Cryptocurrency
Crypto app downloads down as market crashes - report
It appears the mass FOMO around crypto investing may be wearing thin with new data revealing a noticeable drop in crypto app downloads this year.
Story image
Gaming
Game review: Wreckfest (Nintendo Switch)
Wreckfest is a fun racing game that came out for multiple different gaming platforms a few years ago. One of the best things about the game is that it's relatively cheap to buy if you own a PS4 or Xbox One console.
Story image
VPN
Hands-on review: Norton Secure VPN
Norton is obviously serious about your privacy. They have a “No-log” policy, which simply means that they do not track or store any of your on-line activities.
Story image
Fibre
Orcon brings faster fibre to Christchurch with Hyperfibre offering
Orcon has today launched the next generation of fibre speeds in Christchurch, bringing its Hyperfibre offering to the city.
Story image
Tablets & laptops
Hands-on review: HP Evo Spectre X360 Flip Ultrabook 13.5” laptop
The Spectre comes with a keyboard that makes working for long hours something to be looked forward to. It has to be one of the best keyboards I have seen on a 13.5” laptop.
Story image
Review
Hands-on review: Logitech Astro A10 Gen 2 wired headset
We get our hands on this incredibly good value for money headset for use in wired environments.
Story image
STM
Hands-on review: STM ChargeTreeGo portable wireless charger
We get our hands on the ultimate charging accesory for roadwarriors with a bunch of Apple devices.
Story image
Malware
Minors using Discord servers to spread malware for cash
Avast has discovered an online community of minors constructing, exchanging and spreading malware, including ransomware and a mix of information stealers and cryptominers.
Story image
Gaming
Game review: Disgaea 6 Complete
Disgaea 6: Defiance of Destiny originally came out in 2021, and more than a year later, the game has now been re-released.
Story image
Internet
InternetNZ appoints new chief executive. Will take over in October
InternetNZ has announced the appointment of its new chief executive, with Vivien Maidaborn taking over the role from interim chief Andrew Cushen in October.
Story image
Virtual Reality / VR
Virtual reality app reduces phobias through NZ trial
"With this VR app treatment, trialists had increased control in exposure to their fears, as well as control over when and where exposure occurs."
Story image
Smartphone
Xreart Studio - Turning old masterpieces into new ones
Xreart now specialises in transforming pre-loved smartphones, smartwatches and handheld game consoles into artistic conversation starters for your office, studio or man cave.
Story image
ASB
New ASB campaign helps young people better understand money
ASB is helping 18 to 24-year-olds take advantage of financial possibilities and better understand the world of money.
Story image
Gaming
Hands-on review - Xbox Cloud Gaming
I've had the opportunity not just to access the game pass but also its new shiny feature, Xbox Cloud Gaming. In this review, we'll be deep-diving into just what Xbox Cloud Gaming is, how it works and, well, if it works.
Story image
Dark web
Deep web vs dark web: NortonLifeLock explains the difference
NortonLifeLock managing director for APAC Mark Gorrie explains what you need to know about the deep and dark web and the pros and cons of both.
Story image
Gaming
Everything we know so far about NBA 2K23
As excitement for the next iteration of 2K Games’ NBA basketball series builds, some new information on the upcoming game, NBA 2K23, has been released.
Story image
i-PRO
I-Pro officially marks launch of brand in Australia and New Zealand
I-Pro has officially launched in Australia and New Zealand, following a series of new releases as an entity that started in early April.
Story image
Wireless
Hands-on review: Jabra Engage 55 wireless headset
We get our hands on a German design professional headset that many knowledge workers could benefit from.
Story image
Gaming
Game review: Klonoa Phantasy Reverie Series
If there's something missing in today's gaming industry, it's the wonderful discovery of finding new games for hire at your local video rental store. I remember my family hired out the first Klonoa game for the PSOne back in 1997, and it was a blast to play as a kid.
Story image
Cloud
Microsoft and Auckland Transport announce new cloud agreement
Auckland Transport (AT) and Microsoft have announced a new cloud agreement aimed at promoting innovation, reducing costs and improving sustainability in transport services.
Story image
Review
Hands-on review: TCL 30 SE mobile phone
TCL continues to provide consumers with budget phones that still pack a punch with the TCL 30 SE mobile phone. 
Story image
Gaming
Game review: The Elder Scrolls Online: High Isle
This year's major expansion to The Elder Scrolls Online, Zenimax Online's acclaimed massively multiplayer online role-playing game, takes players to the land of the Bretons: High Isle.
Story image
Wireless
Wave Audio spices up portfolio with first ever party speaker
Australian-based pioneers Wave Audio are enhancing their extensive range of groundbreaking new audio products by adding one of the most versatile speakers on the market to their growing portfolio.
Story image
Gaming
Hands-on impressions with PlayStation Plus Deluxe
Finally, the new PlayStation Plus subscription tiers are available now to both New Zealand and Australian PS5 and PS4 gamers.
Story image
Planning
Digital key for smart investment in public infrastructure for NZ cities
Major public infrastructure projects can better manage risks of cost overruns and delays if they deploy data and digital tools at the earliest planning stages.
Story image
Networks
2degrees launches 13 new 5G coverage areas, network upgrades
2degrees has announced it has launched 13 new 5G areas in June, as the company continues its 5G rollout and investment.
Story image
Gaming
Hands-on review: SteelSeries Arctis Nova Pro gaming headset
SteelSeries, being no stranger to creating premium gaming peripherals, sent over its Arctis Nova Pro wired headset kit for us to take a look at.
Story image
Cryptocurrency
Freelance tech jobs boom, NFTs and crypto plunge following crash
"Jobs for NFTs and crypto have dominated the past few quarters of our Fast 50 report, but as you can see they're now falling sharply."
Story image
Cybersecurity
Online bullying, harassment skyrockets since COVID outbreak
Harmful content reports have risen by over 25% since the outbreak of the COVID pandemic, according to Netsafe.
Story image
Netsafe
Major media companies sign new online safety framework for Aotearoa
A new joint development between Netsafe and some of the world's leading social media companies is set to provide Kiwis with safer online experiences.
Story image
Phone
Hands-on review: Obsbot Me AI-powered mobile phone mount
The Obsbot Me is an independently controlled portable mobile phone mount that can track its target without the need for software or a connection to a phone.