Security News > 2022 > March > Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
According to American cybersecurity firm Proofpoint, the attackers use "Possibly compromised" email accounts of Ukrainian armed service members to deliver the phishing message.
The researchers said the phishing attacks they observed were targeting only European governmental entities and added that, for now, they couldn't attribute the attacks to a specific state-sponsored hacking group.
"Proofpoint has identified a likely nation-state sponsored phishing campaign using a possibly compromised Ukrainian armed service member's email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine," Proofpoint researchers said.
The Computer Emergency Response Team of Ukraine warned of Ghostwriter operators attempting to compromise the private email accounts of Ukrainian military personnel and "Related individuals" to deliver phishing to their contacts.
On Monday, Facebook also took down accounts used by Ghostwriter to target the accounts of Ukrainian officials and military personnel on its platform.
News URL
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)