Russian hackers have launched a new cyberattack campaign targeting Ukrainian organizations. Security researchers discovered that these hackers used legitimate system tools already present on computers instead of traditional malware. This stealthy method allowed them to move through networks quietly, steal information, and remain undetected for long periods.

The investigation revealed that two Ukrainian organizations were affected: a large business services company and a local government body. In one case, the attackers stayed hidden inside the company’s network for nearly two months. In the second, they maintained access to the government system for about a week before being found.

Unlike most cyberattacks that use custom malware, these hackers relied on “living-off-the-land” tactics. This means they used built-in Windows tools like PowerShell and remote admin programs to perform malicious actions. Because these tools are normally used by administrators, it became very difficult for defenders to detect anything suspicious.

Experts from Symantec and Carbon Black reported that the attackers gained access by exploiting vulnerabilities on public-facing servers. They installed hidden web shells that gave them control over the system. Once inside, they performed multiple operations, such as collecting files, checking user accounts, and enabling remote access.

The hackers also modified Windows settings to disable security scans and avoid detection. They used legitimate tools to copy clipboard data, create scheduled tasks, and control connected devices. This method allowed them to operate silently while leaving almost no trace of their presence on the affected systems.

Although the researchers did not directly name the group, they confirmed that the activity appears to be of Russian origin. The campaign is part of a broader trend of stealth operations linked to Russia’s ongoing cyber conflict with Ukraine. Such attacks are becoming more advanced and harder to detect each year.

Cybersecurity experts warn that living-off-the-land attacks are extremely dangerous because they blend in with normal system behavior. Organizations are advised to closely monitor the use of administrative tools, apply the latest security patches, and limit access privileges for users to minimize risks.
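As an added illustration of monitoring administrative tool use (not code from the researchers or from the original article), the Python sketch below triages process-creation events for two patterns tied to this campaign's description: a web-server process launching a built-in tool, and scheduled-task creation by an account outside an approved list. The process names, the approved account and the sample events are assumptions constructed for the example.

```python
from ntpath import basename  # parses Windows paths on any OS

# Assumptions: typical web-server worker names, built-in tools, approved admins.
WEB_PARENTS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe"}
ADMIN_TOOLS = {"powershell.exe", "cmd.exe", "schtasks.exe", "net.exe", "reg.exe"}
APPROVED_ADMINS = {r"corp\it-admin"}

def classify(event):
    """Return the reasons a process-creation event deserves analyst review."""
    parent = basename(event["parent"]).lower()
    child = basename(event["image"]).lower()
    reasons = []
    # A web-server worker launching a shell or admin tool is the footprint a
    # web shell leaves when it hands commands to built-in tools.
    if parent in WEB_PARENTS and child in ADMIN_TOOLS:
        reasons.append("web server spawned admin tool")
    # Task creation is routine for admins, so only unapproved accounts are flagged.
    if (child == "schtasks.exe" and "/create" in event["cmdline"].lower()
            and event["user"].lower() not in APPROVED_ADMINS):
        reasons.append("scheduled task created by unapproved account")
    return reasons

def triage(events):
    """Flatten findings into (host, child process, reason) tuples."""
    return [(e["host"], basename(e["image"]).lower(), r)
            for e in events for r in classify(e)]

def ev(host, user, parent, image, cmdline):
    return dict(host=host, user=user, parent=parent, image=image, cmdline=cmdline)

SYS32 = r"C:\Windows\System32"
# Constructed sample events (not taken from the reported incidents).
SAMPLE_EVENTS = [
    ev("web01", r"IIS APPPOOL\Site", SYS32 + r"\inetsrv\w3wp.exe",
       SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe -NoProfile"),
    ev("web01", r"IIS APPPOOL\Site", SYS32 + r"\cmd.exe",
       SYS32 + r"\schtasks.exe", "schtasks.exe /create /tn ExampleTask /sc daily"),
    ev("adm01", r"CORP\it-admin", SYS32 + r"\cmd.exe",
       SYS32 + r"\schtasks.exe", "schtasks.exe /create /tn Backup /sc weekly"),
    ev("adm01", r"CORP\it-admin", r"C:\Windows\explorer.exe",
       SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe"),
    ev("adm01", r"CORP\helpdesk", SYS32 + r"\cmd.exe",
       SYS32 + r"\schtasks.exe", "schtasks.exe /query"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The same tools run by an approved administrator from an interactive session produce no findings, which is why parent process and account context matter more than the tool name alone.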

This campaign highlights how modern hackers are choosing stealth over speed. Instead of crashing systems, they prefer to hide inside networks and collect data quietly. For Ukraine and other countries in conflict zones, constant vigilance, proper monitoring, and stronger cybersecurity practices are the best defense against these silent digital intrusions.

Stay alert, and keep your security measures updated!
