Security News > 2022 > March > Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
According to American cybersecurity firm Proofpoint, the attackers use "Possibly compromised" email accounts of Ukrainian armed service members to deliver the phishing message.
The researchers said the phishing attacks they observed were targeting only European governmental entities and added that, for now, they couldn't attribute the attacks to a specific state-sponsored hacking group.
"Proofpoint has identified a likely nation-state sponsored phishing campaign using a possibly compromised Ukrainian armed service member's email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine," Proofpoint researchers said.
The Computer Emergency Response Team of Ukraine warned of Ghostwriter operators attempting to compromise the private email accounts of Ukrainian military personnel and "Related individuals" to deliver phishing to their contacts.
On Monday, Facebook also took down accounts used by Ghostwriter to target the accounts of Ukrainian officials and military personnel on its platform.
News URL
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant (source)
- CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)