Security News > 2022 > April > Google: Russian credential thieves target NATO, Eastern European military
A Russian cybercrime gang has lately sent credential-phishing emails to the military of Eastern European countries and a NATO Center of Excellence, according to a Google threat report this week.
One of these crews is Coldriver, which the Google team refer to as "a Russian-based threat actor." According to Leonard, Google hasn't seen attackers successfully compromise any Gmail accounts in its phishing campaigns.
The Google threat report also highlights Ghostwriter, a Belarusian cyber gang that is now using a browser-in-the-browser phishing technique in its credential-stealing campaigns.
Also over the past two weeks, Google security analysts have seen an uptick in Curious Gorge campaigns that target government and military organizations in Ukraine, Russia, Kazakhstan and Mongolia.
Google attributes this cybercrime gang to the China People's Liberation Army Strategy Support Force - the cyber warfare arm of the Chinese military.
5.188.108[.]119. 91.216.190[.]58. 103.27.186[.]23. 114.249.31[.]171. 45.154.12[.]167. Leonard doesn't provide much detail about Curious Gorge's latest campaigns other than that their activity "Largely does not impact Google products," and that Google remains "Engaged and are providing notifications to victim organizations." .
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/01/russian_credential_phishing/
Related news
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft (source)