Using remote access tools Quasar, Sobaken and Vermin, cybercriminals have been systematically spying on Ukrainian government institutions and exfiltrating data from their systems. The threat actors, first mentioned in a report from January 2018 and tracked by ESET since mid-2017, continue to develop new versions of their stealthy malware.
In this white paper, we take a closer look at this ongoing campaign. We provide further details on the malware used to compromise victims’ systems and on the payloads installed on compromised systems, and describe the various methods the attackers use to distribute and target their malware while avoiding detection. Read more here.