Skip to main content

PC microphones helped steal hundreds of gigabytes of data from Ukraine firms

operation bugdrop used pc microphones to steal data in ukraine hackers
Image used with permission by copyright holder
Allegations of state-sponsored cyberattacks have been in the news lately, including alleged Russian hacks during the recent U.S. elections. These allegations are sometimes based on the code used to break into systems, and sometimes due to the sheer scale and sophistication of attacks that could only be brought by government agencies.

One such large-scale cyberattack, dubbed “Operation BugDrop,” seems to have been perpetrated against targets in Ukraine, as reported on its blog by security firm CyberX. The attack went after at least 70 victim organizations and stole huge amounts of sensitive information using a number of methods including one attack vector — the PC microphone — that is very difficult to guard against.

According to CyberX, Operation BugDrop, so named because the microphones of target PCs were “bugged,” used compromised Microsoft Word documents to install malware capable of eavesdropping and capturing hundreds of gigabytes of data. The firm described Operation BugDrop a “well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources.”

CyberX
CyberX

Chief among those resources appear to be a very large and sophisticated infrastructure enabling the attackers to decrypt and analyze massive amounts of data — up to several gigabytes each day — and then store it in a massive cache of data. As CyberX points out, it’s not just a machine-driven attack because the stolen data requires many human analysts to comb through and make sense of it. While state involvement isn’t guaranteed, it is likely.

CyberX
CyberX

Most of the targets were organizations located in Ukraine, including companies involved in engineering and designing oil and gas distribution facilities, human rights organizations, newspaper editors, and more. A smaller number of organizations in Russia, Austria, and Saudi Arabia were also targeted. Stolen data appears to include audio recordings, screenshots, documents, and passwords.

Operation BugDrop serves to highlight the growing importance of well-organized and heavily financed cybercrime operations aimed at private and governmental organizations and capable of accumulating and analyzing massive amounts of proprietary information. CyberX concludes, not surprisingly, that organizations need to be diligent in monitoring their networks and applying more modern technologies to identify and respond to these increasingly sophisticated attacks.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Best deal ever? Get 80% off PureVPN and an Uber Eats voucher
A close-up of a computer monitor displaying a generic VPN.

Everyone should sign up to a virtual private network, so if you're looking for VPN deals, here's one that you wouldn't want to miss -- two years plus three extra months of PureVPN's Max Plan at 80% off for just $4 per month, for a total of $108 for 27 months. That's $16 in savings per month for dependable online protection, and to top it off, you'll be getting an Uber Eats voucher worth up to $30. We're not sure how much time is remaining on this offer though, so if you're interested, you're going to have to sign up for the subscription immediately.

Why you should sign up for PureVPN Max Plan
A VPN is a necessity in this digital age because it will protect your data from being accessed by cybercriminals. It will also help you get around any geoblocking restrictions as you can have your device appear as if it's located in another part of the world. PureVPN is one of the best VPNs for these purposes, as it uses a global network of more than 6,500 servers that are located across dozens of countries.

Read more
Razer’s most boring product is also one of its best
The Razer Iskur V2 gaming chair in an office.

Razer isn't exactly known for subtlety. This is the company that released a Bane-like RGB face mask, a headset with haptic feedback, and most recently, a mouse pad that has RGB lighting from corner to corner. The Iskur V2 chair is an exercise in subtlety, however, and a change of pace that pays off for Razer in a big way.

There's nothing special about the Iskur V2 at first glance. It's a gaming chair fit with the usual racer-style back and some green trim to let you know it's a Razer product. But there are no motors promising immersive haptic feedback, and no RGB leaving you tethered to a wall outlet (yes, Razer has done both in a chair before). The Iskur V2 is just a well-designed, comfortable chair, and that's exactly why it's so impressive.
Out of the box

Read more
Best OLED monitor deals: Get an OLED screen from just $450
Marvel's Spider-Man running on the Samsung Odyssey OLED G8.

Up to a couple of years ago, OLED technology only really existed in OLED TVs and very-high-end monitors that cost thousands and thousands of dollars. Luckily, the prices have come down quite substantially, even on the best OLED monitors, especially as the market gets more saturated with options. That means that if you tend to use a monitor for the majority of your content consumption, such as gaming, then you can grab an OLED monitor for a great price and experience amazing visual fidelity and reproduction.

To that end, we've gone out and scoured all the major retailers and brands to find our favorite OLED monitor deals out there and compiled them below. That said, if you haven't quite found what you're looking for, or feel you aren't ready for an OLED monitor, be sure to check out some of these other great monitor deals.
LG UltraGear 27-inch gaming monitor -- $660, was $1,000

Read more