Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks

A Belarusian threat actor known as Ghostwriter has been spotted leveraging the recently disclosed browser-in-the-browser technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.
The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.
A third set of attacks observed over the past two-week period originated from the Russia-based hacking group known as COLDRIVER. TAG said that the actor staged credential phishing campaigns targeting multiple U.S.-based NGOs and think tanks, the military of a Balkans country, and an unnamed Ukrainian defense contractor.
"These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown."
The attack on the satellite broadband service disconnected tens of thousands of modems from the network, impacting several customers in Ukraine and across Europe and affecting the operations of 5,800 wind turbines belonging to the German company Enercon in Central Europe.
The relentless attacks are the latest in a long list of malicious cyber activities that have emerged in the wake of the continuing conflict in Eastern Europe, with government and commercial networks suffering from a string of disruptive data wiper infections as well as a series of ongoing distributed denial-of-service attacks.
News URL
https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html