Security scientists have detected a new phishing campaign linked to a notorious disinformation risk team, which is focusing on European governments as they check out to regulate an inflow of Ukrainian refugees.
To start with noticed on February 24, the initial phishing email was sent employing a compromised account belonging to a member of the Ukrainian navy, according to Proofpoint.
The email alone piggybacked on news of a modern UN Security Council meeting, and contained a malicious XLS macro later identified to produce the SunSeed malware. The file alone was spoofed to seem as if it contained a lately discovered ‘kill list’ of Ukrainian figures drawn up by Moscow.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The timing also appeared to coincide with Ukrainian CERT warnings of common phishing campaigns concentrating on military personnel and family and released by Belarusian group Ghostwriter (UNC1151/TA445).
“The Proofpoint-noticed email messages were being confined to European governmental entities. The targeted persons possessed a variety of know-how and experienced duties. However, there was a distinct choice for targeting men and women with responsibilities similar to transportation, economic and budget allocation, administration, and population movement within Europe,” Proofpoint explained.
“This marketing campaign could depict an endeavor to get intelligence pertaining to the logistics bordering the movement of resources, materials, and people in just NATO member nations.”
Whilst Proofpoint mentioned it didn’t have definitive specialized evidence linking the campaign to Ghostwriter, it had spotted “several temporal and anecdotal indicators”.
It could be that the team is collecting proof to enable craft more narratives about migrants and refugees intended to sow discord throughout Europe, a tactic it has utilised prior to.
“TA445, which appears to work out of Belarus, precisely has a historical past of engaging in a considerable volume of disinformation operations meant to manipulate European sentiment all over the motion of refugees within just NATO nations around the world,” Proofpoint concluded.
“These controlled narratives may possibly intend to marshal anti-refugee sentiment within just European international locations and exacerbate tensions concerning NATO customers, reducing Western support for the Ukrainian entities included in armed conflict. This method is a recognized factor in just the hybrid warfare design utilized by the Russian navy and by extension that of Belarus.”
Some pieces of this short article are sourced from: