A suspected Russian cyber campaign, Red Stealer, has been spotted targeting eastern Ukraine and stealing data from unsuspecting victims, using fake bulletins about the disputed regions of Luhansk and Donetsk as a lure, according to Malwarebytes, a cyber security provider. Malwarebytes reported that Red Stealer attempted to collect sensitive data, including screenshots, files from USB drives, keystrokes and microphone recordings, from military, transport and other critical infrastructure targets in Ukraine.
Red Stealer allegedly used legitimate tools to move the stolen data: Dropbox to store and share it, and Ngrok, a tunnelling service normally used by web developers to expose locally hosted applications and services on the internet. The bait used to lure the unwary into clicking on the malicious link purports to be about policy decisions made by the 'Donetsk People's Republic', which is not recognised as a sovereign state by most of the international community.
Malwarebytes believes the threat group has been active since at least 2020 and has launched similar campaigns involving bogus policy documents and commentary about the disputed territories. Not all of the targets selected by Red Stealer were located in the four separatist regions of Ukraine: two of them were in Zhytomyr and Vinnytsia, in the central region of the war-torn country.