Russian govt impersonators target telcos in phishing attacks (April 2022)
A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries.
The phishing emails pretend to come from the Russian Government's Federal Bailiffs Service and are written in the Russian language, with the recipients being telecommunication service providers and industrial firms in Lithuania, Estonia, and Russia.
DarkWatchman has been linked to Russian threat actors before, focusing primarily on targeting organizations in their own country.
In many of the cases seen by X-Force, the phishing emails targeted the owners of companies or at least high-ranking employees.
IBM's analysts believe Hive0117 isn't affiliated with Russian APTs or part of a state-sponsored cluster that carries out cyber-espionage and cyber-warfare operations.
"While the target list of the phishing campaign attributed to Hive0117 has regional associations with the Russian invasion of Ukraine, the activity predates the invasion, indicating they're separate from any politically charged associations that have spurred recent waves of criminal activity," explains IBM. The threat group appears to be motivated by financial profit, and they're likely targeting entities with a large user base to access their client pool indirectly.