Security News

Google's Threat Analysis Group has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine's critical infrastructure in 2023. Google reports that from January to March 2023, Ukraine received roughly 60% of the phishing attacks originating from Russia, making it the most prominent target.

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. The latest intrusion set, starting in early February 2023, involved the use of reflected cross-site scripting attacks in various Ukrainian government websites to redirect users to phishing domains and capture their credentials.

Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks. With the USA reaching the end of its annual tax season, accountants are scrambling to gather clients' tax documents to complete and file their tax returns.

Today's human-run scams aren't limited by the number of people who respond to the initial email contact. A smart scammer doesn't want to waste their time with people who reply and then realize it's a scam when asked to wire money.

A new Proofpoint report indicates that in late 2022, threat actor TA473 targeted elected officials and staffers in the U.S., as well as experts in European politics and economics. TA473 is a threat actor, known since 2021, that has targeted several countries aligned against the interests of Belarus and Russia; the group is also known as Winter Vivern for some security companies and governmental entities.

IPFS is a peer-to-peer network protocol designed to provide a decentralized and distributed web. In a usual phishing case, the target is enticed to visit a fraudulent phishing page that will steal their credentials and possibly their credit card information; however, this fraudulent page can be hosted on IPFS and accessed via a gateway.

In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns. "To promote their 'goods,' phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, 'What type of personal data do you prefer?'," Kaspersky web content analyst Olga Svistunova said in a report published this week.

Phishers are targeting YouTube content creators by leveraging the service's Share Video by Email feature, which delivers the phishing email from an official YouTube email address. The email informs the targets of a new monetization policy, new rules, and prompts them to view a video.

Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to a larger audience or to recruit unpaid helpers. While the messaging platform has been used for cybercriminal activities for several years, it appears that threat actors in the phishing business have started to rely on it more lately.

The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. The suspects are alleged to have created more than 100 phishing portals aimed at users in France, Spain, Poland, Czechia, Portugal, and other nations in the region.