Russian and Belarusian hackers launch large scale phishing attacks against Ukrainian and European entities, reveals Google

Russian and Belarusian hackers reportedly target Ukraine and its allies. (Image source: Michael Geiger)

Google's Threat Analysis Group has pointed out in a blog post that Russian and Belarusian hackers are targeting Ukrainian and Polish military and governmental entities with phishing attempts. Hacking groups FancyBear and Ghostwriter are believed to be the major threat actors behind the attacks.

Fawad Murtaza, Published 03/08/2022 🇫🇷 🇪🇸 ...

Security

Google’s Threat Analysis Group has identified hacking rings based in Russia and Belarus that are targeting military and government entities in Ukraine and its Western allies. According to Google, a Belarusian threat actor known as Ghostwriter is using phishing campaigns against members of the Ukrainian government to access their credentials through a series of web pages.

Explaining Ghostwriter’s hacking process, Google said in a blog post, “In two recent campaigns, the attackers used newly created Blogspot domains as the initial landing page, which then redirected targets to credential phishing pages.” Google has taken down all domains associated with phishing attempts.

Russian hacking group FancyBear/APT28, a team reportedly linked with the Russian military intelligence, is also involved in a large number of phishing attacks on users of the Ukrainian media organization UKr.net. Per Google, none of the attacks have been successful.

Finally, Threat Analysis Group has also discovered a Chinese hacking ring known as Mustang Panda/Temp.Hex attacking unnamed European entities with infected file attachments. To make the attachments look credible and important, Mustang Panda has been naming the files with titles corresponding to the conflict in Ukraine.

Google notes that the recent activities of Mustang Panda are a deviation from the group’s normal routine of going after users in Southeast Asia.

Buy Apricorn 128GB Aegis Secure Key 3 256-bit hardware-encrypted Type-C flash drive on Amazon

An example of a phishing page used by FancyBear. (Image source: TAG)

Source(s)

Threat Analysis Group, Reuters, The Washington Post

Solana claims its protocol and cryptography weren't compromised during the hack. (image: Executium/Unsplash)

Hackers drain over US$4 million from thousands of Solana wallets in yet another widespread crypto hack 08/04/2022

The three SEA companies are still selling PC-related products in Russia. (Image Source: Advantour & Notebookcheck)

Lenovo, Acer, Asus disregard U.S. economic sanctions, continue to sell computers in Russia 04/08/2022

The Galaxy Flip3 in Latvia. (Source: Samsung Latvia)

Samsung removes "Z" branding from the Galaxy Z Fold3 and Galaxy Z Flip3 in Europe 03/29/2022

FCC terms Kaspersky as a security risk. (Image source: Michael Geiger)

Kaspersky joins Huawei and ZTE as a national security threat on the FCC's entity list 03/28/2022

Ubisoft was reportedly hacked by the same group behind the attack on Nvidia. (Image: Ubisoft)

Nvidia hackers take credit for Ubisoft cyberattack 03/16/2022

TP-Link has been caught sending network traffic to Avira without permission. (Image source: Digi.no)

TP-Link routers and Deco Wi-Fi mesh systems caught sharing traffic with third-party vendors 03/15/2022

Russia may soon legalize the use of unlicensed and pirated software and games (Image: OpenClipart-Vectors/edited)

Russia considers legalizing software piracy 03/11/2022

Ukrainian government is planning to potentially ship out sensitive data to a foreign country. (Image source: jarmoluk on Pixabay)

Ukrainian government plans to potentially transport sensitive data and servers to a different country 03/10/2022

An investigation by a German cybersecurity agency has found no evidence of built-in censorship function inside Xiaomi phones. (Image source: BSI)

Germany's federal cybersecurity body fails to find any proof of built-in censorship inside Xiaomi phones 01/15/2022

Microsoft alerted 140 tech companies to attacks by Russian hacking group, NOBELIUM. (Image: Nahel Abdul Hadi)

Microsoft alerts 140 tech retailers and service providers to targeted attacks by Russian hackers 10/29/2021

Hackers attempt to exploit popular YouTube creators by utilising phishing emails. (Image: NordWood Themes)

Hackers attempt to hijack the accounts of YouTube creators via phishing attacks 10/25/2021

The U.S. will soon ban the export of cybersecurity tools to specific countries and entities. (Image via U.S. Department of Commerce)

United States to ban export of cybersecurity tools and software to countries with "authoritarian practices" 10/21/2021

Cybersecurity experts from all over the world tried to hack Morpheus for 2 months to no avail. (Image Source: umich.edu)

World's best 500+ cybersecurity experts fail to hack the Morpheus processor 03/06/2021

Read all 1 comments / answer

Loading Comments

Comment on this article

Samsung's patented L-shaped foldabl...

The ElegaBand will allow you to wea...

Fawad Murtaza - Tech Writer - 427 articles published on Notebookcheck since 2021

I am Fawad, a fellow tech nerd. As a tech junkie, my relationship with technology goes back to my childhood years. Getting my first Intel Pentium 4 PC was the start of journey that would eventually bring me to Notebookcheck. Finally, I have been writing for tech media since 2018. From small no-name projects to industry leaders, I have worked with a number of tech publications.

contact me via: LinkedIn

Please share our article, every link counts!

.170

> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2022 03 > Russian and Belarusian hackers launch large scale phishing attacks against Ukrainian and European entities, reveals Google

Fawad Murtaza, 2022-03- 8 (Update: 2022-03- 8)

Russian and Belarusian hackers launch large scale phishing attacks against Ukrainian and European entities, reveals Google

Source(s)

Related Articles