Russian and Belarusian hackers launch large scale phishing attacks against Ukrainian and European entities, reveals Google
Google’s Threat Analysis Group has identified hacking rings based in Russia and Belarus that are targeting military and government entities in Ukraine and its Western allies. According to Google, a Belarusian threat actor known as Ghostwriter is using phishing campaigns against members of the Ukrainian government to access their credentials through a series of web pages.
Explaining Ghostwriter’s hacking process, Google said in a blog post, “In two recent campaigns, the attackers used newly created Blogspot domains as the initial landing page, which then redirected targets to credential phishing pages.” Google has taken down all domains associated with phishing attempts.
Russian hacking group FancyBear/APT28, a team reportedly linked with the Russian military intelligence, is also involved in a large number of phishing attacks on users of the Ukrainian media organization UKr.net. Per Google, none of the attacks have been successful.
Finally, Threat Analysis Group has also discovered a Chinese hacking ring known as Mustang Panda/Temp.Hex attacking unnamed European entities with infected file attachments. To make the attachments look credible and important, Mustang Panda has been naming the files with titles corresponding to the conflict in Ukraine.
Google notes that the recent activities of Mustang Panda are a deviation from the group’s normal routine of going after users in Southeast Asia.
Buy Apricorn 128GB Aegis Secure Key 3 256-bit hardware-encrypted Type-C flash drive on Amazon