CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices.
The documents, which have been injected with the malware through the "ctrlpanel.exe" file in 2018, may have been leveraged as lures to facilitate further compromise, according to a report from Cisco Talos' Threat Intelligence Research Team.
"We think it is important to emphasize the risk of such a virus infecting government organizations and the dangers of non-deliberate data leaks which can happen as a result. Instead of VirusTotal, the data could have been leaked to a lot less friendly organization," said Cisco Talos researcher Vanja Svajcer.
Such a development comes almost a year after suspected Russia-linked hacking operation RomCom leveraged malware-laced documents to obtain intelligence regarding Ukraine's NATO membership.