
The Cyber Security News


Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

March 8, 2022

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia’s invasion of Ukraine.

Google’s Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28), which is attributed to Russia’s GRU military intelligence, as a landing page for its social engineering attacks.

The disclosure comes close on the heels of an advisory from the Computer Emergency Response Team of Ukraine (CERT-UA) warning of phishing campaigns targeting Ukr.net users that involve sending messages from compromised accounts containing links to attacker-controlled credential harvesting pages.



Another cluster of threat activity concerns webmail users of Ukr.net, Yandex.ru, wp.pl, rambler.ru, meta.ua, and i.ua, who have been on the receiving end of phishing attacks by a Belarusian threat actor tracked as Ghostwriter (aka UNC1151).

The hacking group also “performed credential phishing campaigns over the past 7 days against Polish and Ukrainian government and military organizations,” Shane Huntley, director of Google TAG, said in a report.


But it’s not just Russia and Belarus who have set their sights on Ukraine and Europe. Included in the mix is a China-based threat actor known as Mustang Panda (aka TA416 or RedDelta) attempting to plant malware in “specific European entities with lures related to the Ukrainian invasion.”

The findings were also separately corroborated by enterprise security firm Proofpoint, which detailed a multi-year TA416 campaign against diplomatic entities in Europe beginning in early November 2021, including an “individual involved in refugee and migrant services” on February 28, 2022.

The infection sequence entailed embedding a malicious URL in a phishing message using a compromised email address of a diplomat from a European NATO country, which, when clicked, delivered an archive file containing a dropper that, in turn, downloaded a decoy document to retrieve the final-stage PlugX malware.

The disclosures come as a deluge of distributed denial-of-service (DDoS) attacks have hit a number of Ukrainian sites, such as those associated with the Ministry of Defense, Foreign Affairs, Internal Affairs, and services like Liveuamap.

“Russian hackers keep on attacking Ukrainian information systems nonstop,” the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in a tweet over the weekend.


“The most powerful [DDoS] attacks exceeded 100 Gbps at their peak. Despite all the involved enemy’s resources, the sites of the central governmental bodies are available.”

In a related development, the Anonymous hacking collective claimed that it took down the website of the Federal Security Service of Russia and that it interrupted the live feeds of several Russian TV channels and streaming services like Wink, Ivi, Russia 24, Channel 1, and Moscow 24 to broadcast war footage from Ukraine.

The wave of counterattacks against Russia has been galvanized by the formation of an IT Army, a crowdsourced Ukrainian government initiative that is relying on digital warfare to disrupt Russian government and military targets.

The development also follows Russia’s decision to ban Facebook and throttle other widely used social media platforms in the country just as technology companies from the U.S. have moved to sever ties with Russia, effectively creating an iron curtain and curtailing online access.



Some parts of this article are sourced from:
thehackernews.com
