Security News > 2022 > April > Google: Russian credential thieves target NATO, Eastern European military

Google: Russian credential thieves target NATO, Eastern European military
2022-04-01 10:20

A Russian cybercrime gang has lately sent credential-phishing emails to the military of Eastern European countries and a NATO Center of Excellence, according to a Google threat report this week.

One of these crews is Coldriver, which the Google team refer to as "a Russian-based threat actor." According to Leonard, Google hasn't seen attackers successfully compromise any Gmail accounts in its phishing campaigns.

The Google threat report also highlights Ghostwriter, a Belarusian cyber gang that is now using a browser-in-the-browser phishing technique in its credential-stealing campaigns.

Also over the past two weeks, Google security analysts have seen an uptick in Curious Gorge campaigns that target government and military organizations in Ukraine, Russia, Kazakhstan and Mongolia.

Google attributes this cybercrime gang to the China People's Liberation Army Strategy Support Force - the cyber warfare arm of the Chinese military.

5.188.108[.]119. 91.216.190[.]58. 103.27.186[.]23. 114.249.31[.]171. 45.154.12[.]167. Leonard doesn't provide much detail about Curious Gorge's latest campaigns other than that their activity "Largely does not impact Google products," and that Google remains "Engaged and are providing notifications to victim organizations." .


News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/01/russian_credential_phishing/