From theregister.com
A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.
In a report published Tuesday, Kaspersky researchers detailed the infections, which use a PowerShell-based backdoor they’ve named “PowerMagic” and a previously unknown framework dubbed “CommonMagic” that can steal files from USB devices, take screenshots every three seconds, and send all of this data back to the attacker.
Kaspersky says the cyber snoops, which have been active since at least September 2021, don’t share infrastructure, code, or other direct ties with any known advanced persistent threat (APT) groups. However, the victims – administrative, agricultural and transportation organizations located in the Donetsk, Luhansk and Crimea regions – and the phishing lures suggest that this campaign is related to the illegal Russian invasion of Ukraine.