Google: Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts


Hostile hacking groups are exploiting Russia's invasion of Ukraine to carry out cyberattacks designed to steal login credentials, sensitive information, money and more from victims around the world.

According to cybersecurity researchers at Google's Threat Analysis Group (TAG), government-backed hackers from Russia, China, Iran and North Korea, as well as various unattributed groups and cyber-criminal gangs, are using various themes related to the war in Ukraine to lure people into becoming victims of cyberattacks.

In just the past two weeks alone, Google has seen several hacking groups looking to take advantage of the war to fulfil their malicious aims, whether that's stealing information, stealing money, or something else.

Among these is a Russian-based hacking group that Google refers to as Coldriver, also known as Calisto. Its targets have included several US-based NGOs and think tanks, the militaries of multiple Eastern European countries, the military of a Balkans country, a Ukraine-based defence contractor, as well as a NATO Centre of Excellence.

The campaigns use newly created Gmail accounts to send phishing emails. The links are designed to steal usernames and passwords from victims, something that the attackers could use to commit espionage or possibly plant malware.

Another hacking threat that Google says is attempting to exploit the Russian invasion of Ukraine is Ghostwriter, a cyber-threat group working out of Belarus. Ghostwriter's phishing attacks simulate a browser within the browser in order to spoof legitimate domains, exploiting this to host websites designed to steal login credentials.

Once a user enters their username and password, the details are sent to a domain controlled by the attacker, where they are stored and can be exploited to conduct further attacks in future.

Google also warns about campaigns by a hacking group referred to as Curious Gorge, which is linked to the People's Liberation Army Strategic Support Force, the cyber and electronic warfare branch of the Chinese military.

According to TAG, Curious Gorge is using lures related to Russia's invasion of Ukraine and has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia.

But it isn't just governments that are looking to exploit the interest and confusion about the war to commit cyberattacks. Criminals have been getting in on the action, too. Google notes that one cyber-criminal operation is impersonating military personnel and demanding payments for rescuing relatives stuck in Ukraine.

"We'll continue to take action, identify bad actors and share relevant information with others across industry and governments, with the goal of bringing awareness to these issues, protecting users and preventing future attacks," said Billy Leonard, security engineer at Google's Threat Analysis Group.

Google notes that ransomware groups are still operating as normal.

