Google: Russian phishing attacks target NATO, European military
The Google Threat Analysis Group says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks.
The report's highlight is a set of credential phishing attacks coordinated by a Russia-based threat group tracked as COLDRIVER against a NATO Centre of Excellence and Eastern European militaries.
As the Google threat analysts also observed, Curious Gorge, a hacking group linked to China's PLA SSF, targeted government and military organizations from Ukraine, Russia, Kazakhstan, and Mongolia.
The Belarusian state hackers' credential phishing campaigns have previously targeted Ukrainian officials and military personnel [1, 2] and European refugee aid officials.
Today's report follows another one Google TAG published regarding malicious activity linked to the Russian war in Ukraine from early March that exposed Russian, Chinese, and Belarusian state hackers' efforts to compromise Ukrainian and European organizations and officials.
As we previously reported, this flood of attacks has also included distributed denial-of-service attacks targeting the Ukrainian government and state-owned banks, as well as multiple campaigns of destructive malware attacks [1, 2]. "DDoS attempts against numerous Ukraine sites, including the Ministry of Foreign Affairs, Ministry of Internal Affairs, as well as services like Liveuamap that are designed to help people find information" were also observed by Google since the start of the Russian war in Ukraine.