Security News
How phishing attacks are exploiting Russia's invasion of Ukraine. A new round of phishing attacks analyzed by email security provider Tessian aims to steal cryptocurrency under the guise of requesting charitable donations toward the Ukrainian cause.
The Computer Emergency Response Team of Ukraine has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon. Armageddon is a Russian state-sponsored threat actor who has been targeting Ukraine since at least 2014 and is considered part of the FSB. According to a detailed technical report published by the Ukrainian secret service in November 2021, Armageddon has launched at least 5,000 cyber-attacks against 1,500 critical entities in the country.
At least three different advanced persistent threat groups from across the world have launched spear-phishing campaigns in mid-March 2022 using the ongoing Russo-Ukrainian war as a lure to distribute malware and steal sensitive information. "Many of these lure documents utilize malicious macros or template injection to gain an initial foothold into the targeted organizations, and then launch malware attacks."
Ghostwriter - a threat actor previously linked with the Belarusian Ministry of Defense - has glommed onto the recently disclosed, nearly invisible "Browser-in-the-Browser" credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine. In a Wednesday post, Google's Threat Analysis Group said that they'd already spotted BitB being used by multiple government-backed actors prior to the media turning a laser eye on BitB earlier this month.
A Belarusian threat actor known as Ghostwriter has been spotted leveraging the recently disclosed browser-in-the-browser technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.
Ukraine's security agency has shut down five bot farms since the start of Russia's invasion of the country almost five weeks ago, slowing down a Russian operation designed to spread disinformation in the war-torn country and to sow panic among its frightened residents. In a statement this week, Ukraine's Security Service said the bot farms were located in Kharkiv - a city near the northern border of Russia that has been the site of some of the fiercest fighting - Cherkasy along the Dnieper River that cuts through the country, and the Ternopil and Zakarpattia regions in the western part of Ukraine.
The Ukrainian Security Service has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news. The network, which operated in Kharkiv, Cherkasy, Ternopil, and Zakarpattia, aimed to discourage Ukrainian citizens and instill panic by distributing false information about the Russian invasion and the status of the defenders.
As the war in Ukraine unfolded, one way of helping was to donate cryptocurrency which resulted in over $50 million in crypto donations. Cybercriminals were quick to move and take advantage of this lucrative situation and inattentive victims.
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began," SentinelOne researcher Tom Hegel said in a report published this week.
The cybercrime group behind the development of the Racoon Stealer password-stealing malware has suspended its operation after claiming that one of its developers died in the invasion of Ukraine. Racoon Stealer is an information-stealing trojan distributed under the MaaS model for $75/week or $200/month.