A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine.
Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28), which is attributed to Russia's GRU military intelligence, as a landing page for its social engineering attacks.
The disclosure comes close on the heels of an advisory from the Computer Emergency Response Team of Ukraine (CERT-UA) warning of phishing campaigns targeting Ukr.net users. The messages are sent from compromised accounts and contain links to attacker-controlled credential harvesting pages, so the sender address alone is no indicator of legitimacy.
Another cluster of threat activity concerns webmail users of Ukr.net, Yandex.ru, wp.pl, rambler.ru, meta.ua, and i.ua, who have been on the receiving end of phishing attacks by a Belarusian threat actor tracked as Ghostwriter (aka UNC1151).
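The two campaigns above share a pattern: a message that arrives from a genuine account at one of the named webmail providers, carrying a link that leads somewhere other than that provider's own login page. The triage helper below is an added example written for this page, not code from Google TAG, CERT-UA or The Hacker News. It parses a raw message, pulls out the links, and raises two findings: a link whose host is off the sender's provider domain, and a link whose visible text shows one domain while the href points at another. The provider list is the one the report names; the sample messages, the lookalike host ukr-net-login.example and the "registrable domain = last two labels" rule are constructed simplifications.

```python
"""Triage helper for webmail credential-phishing lures (added example).

Assumptions (not from the original report): a provider's legitimate
hosts are its own domain and subdomains, and the registrable domain is
simply the last two DNS labels, which holds for the providers listed.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Webmail providers the report names as targeted by Ghostwriter.
WEBMAIL_PROVIDERS = {"ukr.net", "yandex.ru", "wp.pl", "rambler.ru", "meta.ua", "i.ua"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Visible anchor text that looks like a URL or bare hostname.
DOMAINISH_RE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Simplified registrable domain: the last two labels (assumption)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def display_host(text):
    """Hostname implied by anchor text such as 'https://mail.ukr.net/x' or 'mail.ukr.net'."""
    if not DOMAINISH_RE.match(text):
        return ""
    if "://" not in text:
        text = "http://" + text
    return urlsplit(text).hostname or ""


def extract_links(msg):
    """Return (href, visible text) pairs from the preferred body part."""
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is None:
        return []
    content = body.get_content()
    if body.get_content_type() == "text/html":
        parser = _LinkExtractor()
        parser.feed(content)
        return parser.links
    return [(url, url) for url in URL_RE.findall(content)]


def triage_message(raw):
    """Parse one RFC 822 message and report phishing indicators."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    findings = set()
    for href, text in extract_links(msg):
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, tel:, relative links: nothing to compare
        link_domain = registrable_domain(parts.hostname)
        # A provider account pointing its users to a login page off-provider.
        if sender_domain in WEBMAIL_PROVIDERS and link_domain != sender_domain:
            findings.add("off_provider_link")
        # Visible text claims one host, the href goes to another.
        shown = display_host(text)
        if shown and registrable_domain(shown) != link_domain:
            findings.add("display_mismatch")
    return {"sender_domain": sender_domain, "findings": sorted(findings)}


# Constructed sample messages; ukr-net-login.example is a made-up lookalike host.
PHISH = """\
From: "Ukr.net Support" <support@ukr.net>
To: victim@ukr.net
Subject: Your mailbox will be blocked
Content-Type: text/html; charset="utf-8"

<html><body><p>Confirm your account within 24 hours:</p>
<a href="http://ukr-net-login.example/verify">https://mail.ukr.net/settings</a>
</body></html>
"""

BENIGN = """\
From: Ivan <ivan@ukr.net>
To: olena@ukr.net
Subject: Notes
Content-Type: text/plain; charset="utf-8"

Settings page: https://mail.ukr.net/settings
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, triage_message(raw))
```

The off-provider check is deliberately narrow: it only fires when the sender is at one of the listed providers, because a compromised Ukr.net account linking to a non-Ukr.net "login" page is exactly the CERT-UA pattern, while ordinary mail from other domains links everywhere. In production the last-two-labels rule should be replaced by a public suffix list lookup, otherwise co.uk-style domains are misjudged.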
The hacking group also "conducted credential phishing campaigns over the past week against Polish and Ukrainian government and military organizations," Shane Huntley, director of Google TAG, said in a report.
But it's not just Russia and Belarus who have set their sights on Ukraine and Europe. Included in the mix is a China-based threat actor known as Mustang Panda (aka TA416 or RedDelta) attempting to plant malware in "targeted European entities with lures related to the Ukrainian invasion."
The findings were also separately corroborated by enterprise security firm Proofpoint, which detailed a multi-year TA416 campaign against diplomatic entities in Europe, with activity starting in early November 2021 and including an "individual involved in refugee and migrant services" targeted on February 28, 2022.
The infection sequence entailed embedding a malicious URL in a phishing message sent from the compromised email address of a diplomat from a European NATO country. When clicked, the URL delivered an archive file containing a dropper that, in turn, downloaded a decoy document and retrieved the final-stage PlugX malware. Because the sender was a real diplomatic account, reputation-based mail filtering offers little protection against this stage; the archive and the dropper's follow-on downloads are the points where detection is realistic.
The disclosures come amid a deluge of distributed denial-of-service (DDoS) attacks that have hit several Ukrainian websites, such as those associated with the Ministries of Defense, Foreign Affairs, and Internal Affairs, and services like Liveuamap.
"Russian hackers keep on attacking Ukrainian information resources nonstop," the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in a tweet over the weekend.
"The most powerful [DDoS] attacks exceeded 100 Gbps at their peak. Despite all the involved enemy's resources, the websites of the central governmental bodies are available."
In a related development, the Anonymous hacking collective claimed that it took down the website of the Federal Security Service of Russia and that it interrupted the live feeds of several Russian TV channels and streaming services, including Wink, Ivi, Russia 24, Channel 1, and Moscow 24, to broadcast war footage from Ukraine.
The wave of counterattacks against Russia has been galvanized by the formation of an IT Army, a crowdsourced Ukrainian government initiative that is relying on digital warfare to disrupt Russian government and military targets.
The development also follows Russia's decision to ban Facebook and throttle other widely used social media platforms in the country, just as technology companies from the U.S. have moved to sever ties with Russia, effectively creating an iron curtain and curtailing online access.