According to Google, Russian, Belarusian, and Chinese attackers have conducted massive phishing campaigns and DDoS attacks targeting government and military agencies and individuals in Ukraine and Europe.
The Threat Analysis Group (TAG), a team of security experts working to protect Google users from state-sponsored attacks, warns that hundreds of Ukrainians are being targeted.
In the past 12 months, TAG has issued hundreds of government-sponsored attack alerts warning users in Ukraine that they are being targeted by government-sponsored hacks originating primarily from Russia. For the past two weeks, TAG has been observing the activities of threat actors such as FancyBear and Ghostwriter, who we monitor regularly and are well known to law enforcement. This activity ranges from espionage to phishing campaigns.
Phishing for European and Ukrainian credentials
For example, the hacking group FancyBear (aka APT28), part of Russia’s General Staff of the Armed Forces (GRU), has launched several massive credential phishing campaigns that use compromised email accounts to redirect targets to Blogspot domains controlled by the attacker.
Google TAG has also confirmed that the Belarusian threat actor Ghostwriter (aka UNC1151) has targeted military and government organizations in Poland and Ukraine over the past seven days.
The Ukrainian Computer Emergency Response Team (CERT-UA) and Facebook have previously warned about phishing campaigns against Ukrainian government officials and military personnel, which were also carried out by Ghostwriter hackers (Mandiant has previously reported with high confidence that the group is linked to the Belarusian government).
Cybersecurity firm Proofpoint also discovered a spear phishing attack targeting European officials supporting Ukrainian refugees, a campaign similar to the July 2021 phishing attack and attributed to the Ghostwriter hacker collective. It is believed that
Russia and Belarus are not the only ones attacking Ukrainian and European institutions: the China-based hacking group Mustang Panda (aka Temp.Hex and TA416) has also switched from its usual Southeast Asian targets to European organizations and is now using phishing attacks related to the invasion of Ukraine.
Proofpoint revealed that it also detected Mustang Panda phishing activity “targeting European diplomatic agencies, including individuals involved in refugee and immigration services.”