Security News > 2022 > March > Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
According to American cybersecurity firm Proofpoint, the attackers use "Possibly compromised" email accounts of Ukrainian armed service members to deliver the phishing message.
The researchers said the phishing attacks they observed were targeting only European governmental entities and added that, for now, they couldn't attribute the attacks to a specific state-sponsored hacking group.
"Proofpoint has identified a likely nation-state sponsored phishing campaign using a possibly compromised Ukrainian armed service member's email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine," Proofpoint researchers said.
The Computer Emergency Response Team of Ukraine warned of Ghostwriter operators attempting to compromise the private email accounts of Ukrainian military personnel and "Related individuals" to deliver phishing to their contacts.
On Monday, Facebook also took down accounts used by Ghostwriter to target the accounts of Ukrainian officials and military personnel on its platform.
News URL
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- Ukrainian extradited to US for Nefilim ransomware attacks (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)
- Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation (source)