A Russian cyber espionage group is suspected of repurposing another malware campaign's old infrastructure to spy on a Ukrainian computer network.

The Russian hackers, who have been active in Ukraine for at least two years, were found to be using an old version of the Turla or Snake malware. The group is believed to have targeted the Ukrainian government with a backdated attack campaign, in pursuit of information on Ukrainian military operations which could then be used against them.

The hackers created a fake website which they masqueraded as one belonging to Microsoft Support. They then injected a malicious code into that site and downloaded onto computers visiting it by exploiting Windows vulnerabilities.

While this particular attempt was curtailed by security patches issued by Microsoft three weeks ago, it is still possible for similar attacks on unsuspecting users in Ukraine or elsewhere around the world.

‍

Source: Mandiant detects Russian cyber spies using old malware in Ukraine (axios.com)