(Bloomberg) -- Ukrainian cybersecurity officials said Tuesday that a prominent Russian-backed hacking group is behind a new wave of malware attacks being spread via innocuous-looking emails.

The Ukrainian Computer Emergency Response Team said emails warning of unpaid taxes or nuclear terrorism are, in fact, ruses for delivering malicious software. Opening the files, they warned, leads users to downloading Cobalt Strike or CredoMap malware. The Cobalt Strike hacking tool enables attackers to record victims’ keystrokes and move through breached machines, according to cybersecurity researchers. 

Attackers are targeting critical infrastructure sectors in Ukraine, the government alert warns. 

Ukrainian officials associated the new campaign with APT28, known as Fancy Bear, a Kremlin-backed cyber-espionage group that US intelligence officials have said was active in the 2016 US presidential election. The cybersecurity firm CrowdStrike Holdings Inc. has called Fancy Bear a constant threat to global organizations.

A representative for the Russian embassy in Washington didn’t immediately return an email seeking comment.

©2022 Bloomberg L.P.