Security News

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group said it took down two Blogspot domains that were used by the nation-state group FancyBear - which is attributed to Russia's GRU military intelligence - as a landing page for its social engineering attacks.

MuddyWater targets Middle Eastern and Asian countries in phishing attacks. Iranian APT Supergroup MuddyWater has been identified as the hackers linked to attempted phishing attacks against Turkey and other Asian countries according to findings published by Cisco Talos.

Chinese hackers attempted phishing on emails affiliated with US government. According to Google's Threat Analysis Group, multiple Gmail users affiliated with the U.S. government were alerted to an attempted phishing attack by a Chinese-backed hacking group noted as APT31 in February.

The China-aligned group tracked as TA416 has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures to coincide with the Russian invasion of Ukraine. According to a new report by Proofpoint, TA416 spearheads cyber-espionage operations against the EU, consistently focusing on this long-term role without reaping opportunistic gains.

Ukraine's Computer Emergency Response Team warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. "In this way, they gain access to the email inboxes of Ukrainian citizens."

The BBC were the target of nearly 50 million malicious email attacks between 1st October 2021 and the end of January 2022. This means the BBC is facing an average of 383,278 email threats a day, which is a 35 per cent increase from the daily figure of 283,597 email attacks blocked per day observed by Parliament Street in Summer 2020.

The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analyzed phishing attack patterns that unfolded throughout 2021. Phishing actors focused on Facebook and other social media platforms because taking over social media accounts is commonly a stepping stone to reach a wider audience or perform highly effective spear-phishing attacks.

Vade announced its annual ranking of the top 20 most impersonated brands in phishing. With six brands in the top 20, financial services was the most impersonated industry of 2021, representing 35% of all phishing pages, rising sharply based on its place at 28% in 2020.

Ukraine has been at the center of an unprecedented wave of cyberattacks in recent weeks and months, from distributed denial-of-service campaigns against organizations and citizens to attacks against national infrastructure and more. This phishing targeted a very specific group of European government personnel involved in managing the outflux of refugees from Ukraine.

APWG saw 316,747 phishing attacks in December 2021 - the highest monthly total observed since it begain its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.