Russia has hacked the White House, gained access to President Barack Obama’s emails, and even infiltrated into Pentagon’s network. So, it’s little surprise that Moscow has been waging an all-out cyberwar against Ukrainian law enforcement agencies and military. According to a new report from security firm Lookingglass, the Russian gang of hackers is extracting classified documents that can help them (and probably Moscow-backed separatists) in on-the-ground combat.

Russia Wages All-Out Cyberwar Against Ukraine

Russian hackers are using ‘lure documents’

Lookingglass CEO Chris Coleman told NPR that the attacks were persistent, but not sophisticated. The Arlington, Virginia-based cyber security firm said that it tracked malware that was in emails. Russian hackers are getting the Ukrainian military, local police, counterintelligence, and border patrol to open these malicious emails that look legit.

They use “lure documents” to entice the recipient to open the email. Lookingglass lead researcher Jason Lewis cited an MS-Word file dated January 15, 2015. The file had “not for distribution” written on it in Ukrainian. It gives an overview of the situation on the Ukraine-Russia border. Lewis says hackers stole the document from Ukraine’s State Border Guard Service, inserted the malware, and sent it to another Ukrainian security agency.

Russia started collecting combat intel in April 2014

There would be at least one person who considers it legit and opens the email. Even military offers are human, says Lewis, who has previously worked at the National Security Agency. The malware then infects the computer, allowing hackers to extract all the information. Lookingglass said hackers started collecting combat intel in April 2014 when the acting Ukrainian President launched a military operation against pro-Russia separatists.

It was just one example of Russian cyberattacks on Kiev. In September 2014 when Ukraine declared that Russian spy agency KGB was behind the attacks, hackers tweaked their malicious software. Lookingglass also found that the cyberattacks stopped for a brief period when Ukraine and Russia negotiated a ceasefire last June. It indicates that hackers see themselves as part of the battlefield rather than intelligence gathering, which goes on even during a ceasefire.

Lookingglass said neither Russia nor Ukraine was its client. It couldn’t investigate whether Ukraine was also hacking Russia.