Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    [mc4wp_form id=3515]
    What's Hot

    Name That Toon: Last Line of Defense

    April 16, 2024

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Home»Cyber Security»Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine
    Cyber Security

    Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

    justmattgBy justmattgApril 19, 2023No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    [ad_1]

    Apr 19, 2023Ravie LakshmananCyber War / Cyber Attack

    Phishing Attacks in Ukraine

    Elite hackers associated with Russia’s military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war.

    Google’s Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the “group’s 2022 focus on targeting webmail users in Eastern Europe.”

    The state-sponsored cyber actor, also tracked as APT28, Fancy Bear, Forest Blizzard, Iron Twilight, Sednit, and Sofacy, is both highly active and proficient. It has been active since at least 2009, targeting media, governments, and military entities for espionage.

    The latest intrusion set, starting in early February 2023, involved the use of reflected cross-site scripting (XSS) attacks in various Ukrainian government websites to redirect users to phishing domains and capture their credentials.

    The disclosure comes as U.K. and U.S. intelligence and law enforcement agencies released a joint advisory warning of APT28’s attacks exploiting an old, known vulnerability in Cisco routers to deploy malware known as Jaguar Tooth.

    FROZENLAKE is far from the only actor focused on Ukraine since Russia’s military invasion of the country over a year ago. Another notable adversarial collective is FROZENBARENTS – aka Sandworm, Seashell Blizzard (née Iridium), or Voodoo Bear – which has engaged in a sustained effort to target organizations affiliated to the Caspian Pipeline Consortium (CPC) and other energy sector entities in Eastern Europe.

    Phishing Attacks in Ukraine

    Both groups have been attributed to the General Staff Main Intelligence Directorate (GRU), with APT28 tied to the 85th Special Service Center (GTsSS) military intelligence unit 26165. Sandworm, on the other hand, is believed to be part of GRU’s Unit 74455.

    The credential harvesting campaign targeted CPC employees with phishing links delivered via SMS. The attacks against the energy vertical distributed links to fake Windows update packages that ultimately executed an information stealer known as Rhadamanthys to exfiltrate passwords and browser cookies.

    FROZENBARENTS, dubbed the “most versatile GRU cyber actor,” has also been observed launching credential phishing attacks targeting the Ukrainian defense industry, military, and Ukr.net webmail users beginning in early December 2022.

    UPCOMING WEBINAR

    Defend with Deception: Advancing Zero Trust Security

    Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

    Save My Seat!

    The threat actor is said to have further created online personas across YouTube, Telegram, and Instagram to disseminate pro-Russian narratives, leak data stolen from compromised organizations, and post targets for distributed denial-of-service (DDoS) attacks.

    “FROZENBARENTS has targeted users associated with popular channels on Telegram,” TAG researcher Billy Leonard said. “Phishing campaigns delivered via email and SMS spoofed Telegram to steal credentials, sometimes targeting users following pro-Russia channels.”

    A third threat actor of interest is PUSHCHA (aka Ghostwriter or UNC1151), a Belarusian government-backed group that’s known to act on behalf of Russian interests, its targeted phishing attacks singling out Ukrainian webmail providers such as i.ua and meta.ua to siphon credentials.

    Google TAG also highlighted a set of attacks mounted by the group behind Cuba ransomware to deploy RomCom RAT in the Ukrainian government and military networks.

    “This represents a large shift from this actor’s traditional ransomware operations, behaving more similarly to an actor conducting operations for intelligence collection,” Leonard pointed out.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleUncovering (and Understanding) the Hidden Risks of SaaS Apps
    Next Article Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Demo
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Cyber Security

    Name That Toon: Last Line of Defense

    justmattgApril 16, 2024

    [ad_1] The enemies are always getting closer, using the same advanced technologies as security pros…

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024

    Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks

    April 16, 2024

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    [mc4wp_form id=3515]
    Demo
    Top Posts

    Name That Toon: Last Line of Defense

    April 16, 2024

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Latest Reviews
    Cyber Security

    Name That Toon: Last Line of Defense

    justmattgApril 16, 2024

    [ad_1] The enemies are always getting closer, using the same advanced technologies as security pros…

    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    justmattgApril 16, 2024

    [ad_1] Apr 16, 2024NewsroomSupply Chain / Software Security Security researchers have uncovered a “credible” takeover…

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    [mc4wp_form id=3515]
    Demo
    MOST POPULAR

    Name That Toon: Last Line of Defense

    April 16, 2024

    California mountain lion P-22 left mark on wildlife conservation

    January 1, 2023

    Congress Again Writes To Home Minister Amit Shah Over Rahul Gandhi’s Security

    January 1, 2023
    OUR PICKS

    Name That Toon: Last Line of Defense

    April 16, 2024

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    [mc4wp_form id=3515]
    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑