
Russian and Belarusian hackers launch large scale phishing attacks against Ukrainian and European entities, reveals Google

Russian and Belarusian hackers reportedly target Ukraine and its allies. (Image source: Michael Geiger)
Google's Threat Analysis Group has pointed out in a blog post that Russian and Belarusian hackers are targeting Ukrainian and Polish military and governmental entities with phishing attempts. Hacking groups FancyBear and Ghostwriter are believed to be the major threat actors behind the attacks.

Google’s Threat Analysis Group has identified hacking rings based in Russia and Belarus that are targeting military and government entities in Ukraine and its Western allies. According to Google, a Belarusian threat actor known as Ghostwriter is using phishing campaigns against members of the Ukrainian government to access their credentials through a series of web pages.

Explaining Ghostwriter’s hacking process, Google said in a blog post, “In two recent campaigns, the attackers used newly created Blogspot domains as the initial landing page, which then redirected targets to credential phishing pages.” Google has taken down all domains associated with phishing attempts.

Russian hacking group FancyBear/APT28, a team reportedly linked with Russian military intelligence, is also involved in a large number of phishing attacks on users of the Ukrainian media organization UKr.net. Per Google, none of the attacks have been successful.

Finally, Threat Analysis Group has also discovered a Chinese hacking ring known as Mustang Panda/Temp.Hex attacking unnamed European entities with infected file attachments. To make the attachments look credible and important, Mustang Panda has been naming the files with titles corresponding to the conflict in Ukraine.

Google notes that the recent activities of Mustang Panda are a deviation from the group’s normal routine of going after users in Southeast Asia.


An example of a phishing page used by FancyBear. (Image source: TAG)
Fawad Murtaza, 2022-03-08 (Update: 2022-03-08)