According to cybersecurity firm Proofpoint, a new phishing campaign is targeting European countries assisting Ukrainian refugees. It aims to disrupt logistics efforts to support the hundreds of thousands fleeing Ukraine after the Russian invasion.
The company said that a state actor was most likely behind the attacks but did not specify which country was responsible. However, it noted that the campaign was similar to previous ones carried out by Ghostwriter, a.k.a. TA445 or UNC1151, a hacking gang with links to the government of Belarus.
Hackers Target Ukraine-Aiding Officials with Phishing Attacks
Cybercriminals are taking advantage of the war in Ukraine to target refugee aid efforts. Researchers at Proofpoint discovered a new spear-phishing campaign aimed at European officials assisting Ukrainian refugees. Over one million people have fled the country since the war broke out, UN High Commissioner for Refugees Filippo Grandi revealed.
Phishing is when threat actors pose as legitimate entities or individuals to scam victims. They send out thousands of emails containing malicious links or files. When the user clicks them, the malware infiltrates the device and infects the system. From there, the perpetrators can steal your data and hold it for ransom (otherwise known as a ransomware attack), sell it to other gangs, or simply publicize it.
And that’s precisely what happened here, according to Proofpoint. Hackers used the compromised email account of a member of the Ukrainian armed services to deliver their phishing campaign. The emails carried a malicious attachment that downloads dangerous malware called SunSeed onto the victim’s computer.
And while the company did not specify who was responsible, it mentioned that the attack looked like the work of Ghostwriter, a cyber gang with close links to Belarus. Ukraine’s Computer Emergency Response Team (CERT) had previously announced in a Facebook post that Belarusian hackers were targeting military personnel.
Phishing for Intelligence
The current phishing campaign against European countries could be the next level of attacks following the Ukraine CERT’s warnings. But the aim could also be to gather intelligence.
Although the hackers’ targets held different job roles and expertise, the focus was on officials with access to key elements. That included information on “the movement of funds, supplies, and people within NATO member countries.”
“While the utilized techniques in this campaign are not ground-breaking individually, if deployed collectively, and during a high tempo conflict, they possess the capability to be quite effective.” (Proofpoint)
Reuters contacted the Belarus Embassy in London via email but did not receive an immediate response.