Security News > 2023 > March > Unknown actors deploy malware to steal data in occupied regions of Ukraine
A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky.
In a report published Tuesday, Kaspersky researchers detailed the infections, which use a PowerShell-based backdoor they've named "PowerMagic" and a previously unknown framework dubbed "CommonMagic" that can steal files from USB devices, take screenshots every three seconds, and send all of this data back to the attacker.
"Geopolitics always affect the cyber threat landscape and lead to the emergence of new threats," Leonid Besverzhenko, security researcher at Kaspersky's Global Research and Analysis Team, explained in a statement.
The research team first spotted the infection in October 2022, and suspect it starts with a spearphishing email directing the victim to a URL that points to a.zip archive on a malicious web server.
There's a screenshot in Kaspersky's research showing one of these decoy Word documents, titled "Results of the State Duma elections in the Republic of Crimea".
The researchers suggest that PowerMagic also deploys a modular framework called CommonMagic.