Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

PC microphones helped steal hundreds of gigabytes of data from Ukraine firms

Add as a preferred source on Google

Allegations of state-sponsored cyberattacks have been in the news lately, including alleged Russian hacks during the recent U.S. elections. These allegations are sometimes based on the code used to break into systems, and sometimes due to the sheer scale and sophistication of attacks that could only be brought by government agencies.

One such large-scale cyberattack, dubbed “Operation BugDrop,” seems to have been perpetrated against targets in Ukraine, as reported on its blog by security firm CyberX. The attack went after at least 70 victim organizations and stole huge amounts of sensitive information using a number of methods including one attack vector — the PC microphone — that is very difficult to guard against.

Recommended Videos

According to CyberX, Operation BugDrop, so named because the microphones of target PCs were “bugged,” used compromised Microsoft Word documents to install malware capable of eavesdropping and capturing hundreds of gigabytes of data. The firm described Operation BugDrop a “well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources.”

CyberX
CyberX

Chief among those resources appear to be a very large and sophisticated infrastructure enabling the attackers to decrypt and analyze massive amounts of data — up to several gigabytes each day — and then store it in a massive cache of data. As CyberX points out, it’s not just a machine-driven attack because the stolen data requires many human analysts to comb through and make sense of it. While state involvement isn’t guaranteed, it is likely.

CyberX
CyberX

Most of the targets were organizations located in Ukraine, including companies involved in engineering and designing oil and gas distribution facilities, human rights organizations, newspaper editors, and more. A smaller number of organizations in Russia, Austria, and Saudi Arabia were also targeted. Stolen data appears to include audio recordings, screenshots, documents, and passwords.

Operation BugDrop serves to highlight the growing importance of well-organized and heavily financed cybercrime operations aimed at private and governmental organizations and capable of accumulating and analyzing massive amounts of proprietary information. CyberX concludes, not surprisingly, that organizations need to be diligent in monitoring their networks and applying more modern technologies to identify and respond to these increasingly sophisticated attacks.

Mark Coppock
Former Computing Writer
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
I let Radial menu take over my Mac, and I’m never going back
One mouse jiggle, endless shortcuts. My Mac has never felt this fast.
Radial app running on Mac

I have been testing Radial for the past week, and it's quickly become one of those apps I didn’t know how I could live without. It's a radial menu for macOS that puts your shortcuts, scripts, and automations right where your cursor is, so you never have to go hunting through menus to find what you need.

The app just received its 5.0 update, adding AI actions powered by Claude, window layouts, variables, a redesigned settings interface, a new Atmosphere background effect, and a squircle menu shape. I got to try most of these, and here's what I found.

Read more
Android desktop mode made me miss my laptop in record time
I tried writing and publishing from Google’s phone-to-monitor setup, and the future of mobile computing immediately started sweating.
Computer, Electronics, Laptop

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

Read more
As AI turbocharges digital abuse, UK agencies urge parents to limit who sees kids’ photos online
The National Crime Agency and Internet Watch Foundation are asking parents to tighten privacy settings as AI-generated abuse material rises.
Social Media

Parents who post pictures of their kids online are being told to rethink the habit. The UK's National Crime Agency and the Internet Watch Foundation have issued new guidance urging families to lock down their social media accounts, warning that publicly shared photos are increasingly being pulled and altered by AI tools to create child sexual abuse material.

The two organizations say most parents have no idea this is happening. Criminals no longer need to contact a child directly to generate such material. They can scrape an ordinary photo and run it through widely available nudify apps.

Read more