A continuously growing number of threat actors are using the Russia-Ukraine war as a lure in phishing and malware campaigns.
This is the observation made by Google’s Threat Analysis Group (TAG), which has been tracking the cyber activity in regards to the war in Ukraine.
In a blogpost, TAG states government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious e-mails or click malicious links.
TAG adds the threat activity has been observed from a range of actors it regularly monitors that are well-known to law enforcement, including Coldriver and Ghostwriter.
Says TAG: “Financially-motivated and criminal actors are also using current events as a means for targeting users. For example, one actor is impersonating military personnel to extort money for rescuing relatives in Ukraine.
“TAG has also continued to observe multiple ransomware brokers continuing to operate in a ‘business as usual’ sense.”
Since the tensions between Russia and Ukraine started, there has been a marked increase in cyber warfare activity between the countries and other parts of Eastern Europe.
For example, cyber security firm ESET previously discovered new destructive malware circulating in Ukraine, as Russia invaded its neighbouring country.
ESET’s telemetry data showed the malware was installed on hundreds of machines in the country. According to ESET, this followed some distributed denial-of-service attacks against several Ukrainian websites earlier.
In addition, Meta, Facebook’s parent company, and Microsoft’s Threat Intelligence Centre have detected offensive and destructive cyber attacks directed against Ukraine’s digital infrastructure.
TAG indicates it’ll continue to take action, identify bad actors and share relevant information with others across industry and governments.
“While we are actively monitoring activity related to Ukraine and Russia, we continue to be just as vigilant in relation to other threat actors globally, to ensure they do not take advantage of everyone’s focus on this region.”
Share