VERY IMPORTANT

The attackers behind the campaign have been tracked by ESET since mid-2017; their activities were first publicly reported in January 2018. Our analysis shows that these cybercriminals continue to improve their campaigns by developing new versions of their espionage tools. According to ESET’s telemetry, the attacks have been targeted at Ukrainian government institutions, with a few hundred victims in different organizations. Attackers have been using stealthy remote access tools (RATs) to exfiltrate sensitive documents from the victims’ computers.