However, the victims – administrative, agricultural and transportation organizations located in the Donetsk, Luhansk and Crimea regions – and the phishing lures suggest that this campaign is related to the illegal Russian invasion of Ukraine.
Well, quite.
Ok, so transportation organisations I completely understand wanting to spy on; saying where cargo [especially military cargo; ie Russian ammunition] is being picked up and delivered to has very obvious military applications; helping Russian ammo stockpiles explode in the warehouse rather than after being delivered to and fired by the Russians.
Administrative makes general sense as there might be usable information [We are going to use building X for R&R for Russian troops between X and Y dates = legitimate military target], however i'm not seeing any particularly obvious reason as to why they would care much about agricultural organisations.
Can anybody see what i'm missing? Perhaps X food amount is being delivered to Y location gives Russian troop strengths?