Security News > 2022 > March > Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks

A Belarusian threat actor known as Ghostwriter has been spotted leveraging the recently disclosed browser-in-the-browser technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.

The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.

A third set of attacks observed over the past two-week period originated from the Russia-based hacking group known as COLDRIVER. TAG said that the actor staged credential phishing campaigns targeting multiple U.S.-based NGOs and think tanks, the military of a Balkans country, and an unnamed Ukrainian defense contractor.

"These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown."

The attack on the satellite broadband service disconnected tens of thousands of modems from the network, impacting several customers in Ukraine and across Europe and affecting the operations of 5,800 wind turbines belonging to the German company Enercon in Central Europe.

The relentless attacks are the latest in a long list of malicious cyber activities that have emerged in the wake of the continuing conflict in Eastern Europe, with government and commercial networks suffering from a string of disruptive data wiper infections as well as a series of ongoing distributed denial-of-service attacks.

News URL

https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html