Security News > 2024 > June > Ukraine says hackers abuse SyncThing tool to steal data
The attack utilizes the legitimate file-syncing software SyncThing in combination with malware called SPECTR. Vermin's apparent motive is to steal sensitive information from military organizations.
SyncThing establishes a peer-to-peer connection for data synchronization, which is used for stealing documents and account passwords.
Social: Steals authentication data from various messengers like Telegram, Signal, Skype, and Element.
Browsers: Steals data from browsers including Firefox, Edge, and Chrome, focusing on authentication data, session information, and browsing history.
CERT-UA believes Vermin decided to use a legitimate tool for data exfiltration to reduce the likelihood of security systems flagging the network traffic as suspicious.
Russian Sandworm hackers targeted 20 critical orgs in Ukraine.