From bleepingcomputer.com
The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a new campaign dubbed “SickSync,” launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces.
The threat group is linked to the Luhansk People’s Republic (LPR) region, which Russia has occupied almost in its entirety since October 2022. The hackers’ activities commonly align with Russia’s interests.
The attack uses the legitimate file-syncing software Syncthing in combination with malware called SPECTR.
Vermin’s apparent motive is to steal sensitive information from military organizations.