Security News > 2022 > March > Google: Russian phishing attacks target NATO, European military

The Google Threat Analysis Group says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks.
The report's highlight are credential phishing attacks coordinated by a Russian-based threat group tracked as COLDRIVER against a NATO Centre of Excellence and Eastern European militaries.
As the Google threat analysts also observed, Curious Gorge, a hacking group linked to China's PLA SSF, targeted government and military organizations from Ukraine, Russia, Kazakhstan, and Mongolia.
The Belarusian state hackers' credential phishing campaigns have previously targeted Ukrainian officials and military personnel [1, 2] and European refugee aid officials.
Today's report follows another one Google TAG published regarding malicious activity linked to the Russian war in Ukraine from early March that exposed Russian, Chinese, and Belarus state hackers' efforts to compromise Ukrainian and European organizations and officials.
As we previously reported, this flood of attacks has also included distributed denial-of-service attacks targeting the Ukrainian government and state-owned banks, as well as multiple campaigns of destructive malware attacks [1, 2]. "DDoS attempts against numerous Ukraine sites, including the Ministry of Foreign Affairs, Ministry of Internal Affairs, as well as services like Liveuamap that are designed to help people find information" were also observed by Google since the start of the Russian war in Ukraine.
News URL
Related news
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- iOS devices face twice the phishing attacks of Android (source)