Hackers working for Russia’s Federal Security Service have mounted multiple cyberattacks that used USB-based malware to steal large amounts of data from Ukrainian targets for use in its ongoing invasion of its smaller neighbor, researchers said.
“The sectors and nature of the organizations and machines targeted may have given the attackers access to significant amounts of sensitive information,” researchers from Symantec, now owned by Broadcom, wrote in a Thursday post. “There were indications in some organizations that the attackers were on the machines of the organizations’ human resources departments, indicating that information about individuals working at the various organizations was a priority for the attackers, among other things.”
The group, which Symantec tracks as Shuckworm and other researchers call Gamaredon and Armageddon, has been active since 2014 and has been linked to Russia’s FSB, the principal security service in that country. The group focuses solely on obtaining intelligence on Ukrainian targets. In 2020, researchers at security firm SentinelOne said the hacking group had “attacked over 5,000 individual entities across the Ukraine, with particular focus on areas where Ukrainian troops are deployed.”