Google Claims Multiple Cyber Groups Are Using The Conflict In Ukraine In Phishing Attempts

Hacking operations are luring people into falling for phishing emails and frauds by utilizing bait related to Russia's invasion of Ukraine.
SIA Team
March 31, 2022

Government-backed hackers from Russia, China, Iran, and North Korea, as well as various unattributed groups and cyber-criminal gangs, are using various themes related to the war in Ukraine to lure people into becoming victims of cyberattacks, according to cybersecurity researchers at Google’s Threat Analysis Group (TAG).

Hacking gangs are taking advantage of Russia’s invasion of Ukraine to launch cyberattacks aimed at stealing login passwords, private information, money, and more from victims all around the world.

In the previous two weeks, Google has seen various hacking groups try to use the war to further their malicious goals, whether that means stealing information, stealing money, or something else.

Among them is a Russia-based hacking group known as Coldriver, also known as Calisto. Its targets have included numerous US-based NGOs and think tanks, the militaries of several Eastern European countries, the military of a Balkan country, a Ukraine-based defense contractor, and a NATO Centre of Excellence.

The campaigns use newly created Gmail accounts to send phishing emails. The links in those emails are designed to collect victims’ usernames and passwords, which the attackers might exploit for spying or possibly for planting malware.

Ghostwriter, a cyber-threat group based in Belarus, is another threat that Google says is aiming to profit from Russia’s invasion of Ukraine. To mimic legitimate domains, Ghostwriter’s phishing attacks replicate a browser within a browser and use it to host webpages meant to steal login credentials. When a user enters their login and password, the information is reportedly sent to a domain controlled by the attacker, where it is saved and used to launch subsequent attacks.

Google is also cautioning against hacking campaigns by the Curious Gorge hacker group, which is tied to the People’s Liberation Army Strategic Support Force, the Chinese military’s cyber and electronic warfare division.

According to TAG, Curious Gorge has undertaken campaigns against government and military institutions in Ukraine, Russia, Kazakhstan, and Mongolia, utilizing lures related to Russia’s invasion of Ukraine.

Governments aren’t the only ones attempting to take advantage of the public’s fascination with the war to launch cyberattacks. Criminals have joined in on the fun as well. One cyber-criminal enterprise, according to Google, is impersonating soldiers and demanding payment for rescuing relatives trapped in Ukraine.