Ukraine's Computer Emergency Response Team (CERT-UA) has discovered attacks deploying the SPECTR information-stealing malware against the country's defense forces. The attacks are attributed to UAC-0020, also known as Vermin, a threat operation associated with the Luhansk People's Republic, and are part of its SickSync cyberespionage campaign, The Hacker News reports.
UAC-0020 has leveraged spear-phishing emails to distribute a malicious SyncThing app with the SPECTR payload, a CERT-UA advisory noted. The payload allows the theft of browser and app credentials and USB drive data, as well as the capture of files and screenshots from targeted devices, with the stolen data then exfiltrated using the legitimate SyncThing app's synchronization feature.
The advisory follows an earlier warning from the agency about the exploitation of the Signal app to deploy the DCRat trojan in a campaign associated with the UAC-0200 threat cluster, as well as a Symantec report detailing a malicious Excel campaign by GhostWriter against the Ukrainian Ministry of Defense.