4 May 2022

Nation-state hackers increasingly use war in Ukraine as a lure in malicious campaigns



State-backed hacker groups associated with Russia, China, Iran, and North Korea, as well as various unattributed groups and financially motivated cyber criminals, are increasingly using the Ukraine-Russia war as a lure in phishing and malicious campaigns, according to a new report from Google’s Threat Analysis Group (TAG).

The new report details several malicious campaigns conducted by various advanced persistent threat groups (APTs) observed by the team over the past few weeks.

Threat actors from Russia, Belarus and China have been observed using a variety of email-based attack methods to steal credentials and gain access to organizations in Ukraine (APT28, Ghostwriter), Lithuania (Ghostwriter), Central Asia, countries in the Baltics (Turla, Coldriver), and Russia itself (Curious Gorge).

Curious Gorge, which the TAG team attributes to China's PLA SSF (The People's Liberation Army Strategic Support Force), is continuing to attack government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia.

“In Russia, long running campaigns against multiple government organizations have continued, including the Ministry of Foreign Affairs. Over the past week, TAG identified additional compromises impacting multiple Russian defense contractors and manufacturers and a Russian logistics company,” Google TAG Security Engineer Billy Leonard said.

Microsoft said in a recent report that, since the beginning of the war, Russian state-backed hackers have carried out over 230 cyberattacks against Ukraine that appeared to support Russia’s military operations and online propaganda.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable; the political ambitions of any man aren’t worth the blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Glory to Ukraine!

