Tuesday, September 10 2024

Ukraine targeted by 60% of Russian phishing attacks in 2023: Google

Google’s Threat Analysis Group (TAG) has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine’s critical infrastructure in 2023.

Google reports that from January to March 2023, Ukraine received roughly 60% of the phishing attacks originating from Russia, making it the most prominent target.

In most cases, the campaign goals include intelligence collection, operational disruption, and leaking stolen data through Telegram channels dedicated to damaging Ukraine's information space.

Threat groups active in Ukraine

Google’s TAG lists three Russian and Belarusian threat actors who had notable activity in the first quarter of the year against Ukrainian targets.

The first is Sandworm, tracked by Google as “FrozenBarents,” which has focused its attacks on the energy sector across Europe since November 2022, with a highlighted case involving the Caspian Pipeline Consortium (CPC).

CPC phishing page (Google)

Sandworm has lately launched multiple phishing campaigns using spoofed “Ukroboronprom” websites against workers in the Ukrainian defense industry, users of the Ukr.net platform, or even Ukrainian Telegram channels.

Website spoofing a Ukrainian defense firm (Google)

The threat group also creates multiple online personas to disseminate false information on YouTube and Telegram, often leaking parts of the data they steal through phishing or network intrusions.

Telegram phishing page (Google)

Another highly active Russian threat actor is APT28, tracked by Google as “FrozenLake.”

Between February and March 2023, APT28 sent out multiple large waves of phishing emails targeting Ukrainians. The group also abused reflected cross-site scripting (XSS) flaws on Ukrainian government websites to redirect visitors to phishing pages: because the flaw is reflected, the script travels in a crafted link to the legitimate government domain, so the redirect runs from a trusted origin and the victim only sees the real site in the link they clicked.

Phishing page where victims land after an XSS redirection (Google)

This week, a joint advisory by the UK NCSC, FBI, NSA, and CISA warned that APT28 is hacking Cisco routers to install custom malware.

The third threat actor highlighted in Google’s report is “Pushcha,” which is believed to be based in Belarus, a country that is politically aligned with the Kremlin.

Pushcha has recently launched campaigns that target Ukrainian webmail providers like “i.ua” and “meta.ua,” attempting to steal the users’ credentials by setting up phony sites.

Fake email login site created by Pushcha (Google)

State-funded misinformation

Google’s report also highlights cases of misinformation on its platforms, like YouTube and Blogger.

“In the first quarter of 2023, TAG observed a coordinated IO campaign from actors affiliated with the Internet Research Agency (IRA) creating content on Google products such as YouTube, including commenting and upvoting each other’s videos,” reads the Google TAG report.

The IRA (Glavset) is a Russian company linked to Wagner Group’s owner, Yevgeny Prigozhin, which engages in online propaganda and influence operations on behalf of Russian political interests.

Google reports that it has been observing and blocking IRA-linked accounts creating content on YouTube Shorts to promote specific “news-like” narratives about the war in Ukraine to Russian domestic audiences.

All websites linked to the mentioned campaigns have been added to Google’s “Safe Browsing” blocklist, while targeted Gmail and Workspace users received alerts notifying them about malicious communications.
