New ‘Prestige’ Ransomware Targets Transportation Industry in Ukraine, Poland


Initially observed last week, the activity surrounding the new malware family, which labels itself Prestige, does not appear to be connected with any of the ransomware or threat groups that Microsoft currently tracks. The activity is currently referred to as DEV-0960.

However, the tech giant warns of potential overlaps with previously observed Russian state-sponsored activity through victimology, as some of the targeted organizations were previously hit with the destructive HermeticWiper malware (also known as FoxBlade).

“Despite using similar deployment techniques, the campaign is distinct from recent destructive attacks leveraging AprilAxe (ArguePatch)/CaddyWiper or Foxblade (HermeticWiper) that have impacted multiple critical infrastructure organizations in Ukraine over the last two weeks,” Microsoft says.