NATO target of phishing campaign
Since the outbreak of the war in Ukraine, the number of phishing and malware campaigns has increased significantly. NATO and the armed forces of various Eastern European countries are the targets. State hackers from China, Iran, North Korea, and Russia are behind these practices.
Google’s Threat Analysis Group (TAG) reports this in a blog.
The attackers respond to current events. They are exploiting the war in Ukraine to trick unsuspecting victims into opening fake emails with malicious links. As an example, TAG cites a man posing as a soldier to raise money to save relatives left behind in Ukraine. In this case, scammers try to make a financial profit from the misery in Ukraine. The consequences of such a scam campaign may be limited.
Not all scams are so harmless, Google warns. Several hacker groups are actively trying to damage military organizations and government services. The Chinese hacker group Curious Gorge has conducted campaigns against the armed forces in Ukraine, Russia, Kazakhstan, and Mongolia. Google does not provide details about the attacks of this group.
NATO target of Russian hackers
Another active hacker collective is COLDRIVER. Also known as Calisto, this group consists of Russian hackers who have launched phishing campaigns to obtain login credentials. Its members mainly target non-governmental organizations (NGOs), think tanks, and the armed forces in the Balkans. A Ukrainian defense contractor was also targeted by Russian hackers. The group has been active since 2015.
For the first time, COLDRIVER has set its sights on the military in multiple Eastern European countries and NATO’s Center of Excellence. The attackers used newly created Gmail accounts to reach their targets. Because these spam messages were sent to email accounts that Google does not control, TAG cannot estimate the exact extent of the damage.
In a statement to Reuters news agency, NATO said it is “a daily target of malicious cyber activities”.
Hackers use new phishing technique
Finally, Google’s cybersecurity experts have seen GhostWriter set up phishing campaigns to obtain login credentials. The group has recently started using a phishing technique called “Browser in a Browser.” Visitors are redirected to a compromised site that appears to be on a trusted domain. Anyone who tries to log in will see a new tab. Data entered on this page ends up in the hands of the hackers.
GhostWriter is a notorious hacker group in Western Europe. The group tried to influence the parliamentary elections in Germany last year by spreading disinformation through social media. In addition, the attackers ran phishing campaigns against politicians in an attempt to take over their accounts.
Earlier this month, cybersecurity firm Infoblox warned that scammers and fraudsters were exploiting the Russian invasion of Ukraine to steal money and spread malware.