Security News > 2022 > March > Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
According to American cybersecurity firm Proofpoint, the attackers use "Possibly compromised" email accounts of Ukrainian armed service members to deliver the phishing message.
The researchers said the phishing attacks they observed were targeting only European governmental entities and added that, for now, they couldn't attribute the attacks to a specific state-sponsored hacking group.
"Proofpoint has identified a likely nation-state sponsored phishing campaign using a possibly compromised Ukrainian armed service member's email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine," Proofpoint researchers said.
The Computer Emergency Response Team of Ukraine warned of Ghostwriter operators attempting to compromise the private email accounts of Ukrainian military personnel and "Related individuals" to deliver phishing to their contacts.
On Monday, Facebook also took down accounts used by Ghostwriter to target the accounts of Ukrainian officials and military personnel on its platform.
News URL
Related news
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)