Russian govt impersonators target telcos in phishing attacks
A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries.
The phishing emails pretend to come from the Russian Government's Federal Bailiffs Service and are written in the Russian language, with the recipients being telecommunication service providers and industrial firms in Lithuania, Estonia, and Russia.
DarkWatchman has been linked to Russian threat actors before, focusing primarily on targeting organizations in their own country.
In many of the cases seen by X-Force, the phishing emails targeted the owners of companies or at least high-ranking employees.
IBM's analysts believe Hive0117 isn't affiliated with Russian APTs or part of a state-sponsored cluster that carries out cyber-espionage and cyber-warfare operations.
"While the target list of the phishing campaign attributed to Hive0117 has regional associations with the Russian invasion of Ukraine, the activity predates the invasion, indicating they're separate from any politically charged associations that have spurred recent waves of criminal activity," explains IBM. The threat group appears to be motivated by financial profit, and they're likely targeting entities with a large user base to access their client pool indirectly.