Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

APT

Google TAG details cyber activity with regard to the invasion of Ukraine

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related ongoing Russian invasion of Ukraine, the experts spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine The researchers uncovered a phishing campaign conducted by a […]

Ukraine CERT-UA backdoor SSU PathWiper wiper

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine.

The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related ongoing Russian invasion of Ukraine, the experts spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine

The researchers uncovered a phishing campaign conducted by a Russia-linked threat actor tracked as COLDRIVER (aka Calisto) against a NATO Centre of Excellence and Eastern European militaries. The attacks of the group also aimed at a Ukrainian defense contractor and several US-based non-governmental organizations (NGOs) and think tanks.

Google experts pointed out that this is the first time that the cyberspies target NATO and military of multiple Eastern European countries.

However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence.” reads the report published by the TAG team. “These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown. We have not observed any Gmail accounts successfully compromised during these campaigns.”

Attackers created Gmail accounts specifically for this campaign and used them to send phishing messages to non-Google accounts. Google states that it is impossible to determine the success rate of these campaigns because the messages reached non-Google accounts. The IT giant states that it is not aware of any Gmail accounts successfully compromised during these attacks.

TAG also reported the activity of a China-linked APT group, tracked as Curious Gorge aimed at government and military organizations from Ukraine, Russia, Kazakhstan, and Mongolia.

“Curious Gorge, a group TAG attributes to China’s PLA SSF, has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia. While this activity largely does not impact Google products, we remain engaged and are providing notifications to victim organizations.” continues the report.

The researchers also observed Belarus-linked APT Ghostwriter employing a new phishing technique known as Browser in the Browser (BitB) phishing, publicly disclosed in mid-March.

“Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites. The new technique, displayed below, draws a login page that appears to be on the passport.i.ua domain, overtop of the page hosted on the compromised site.” continues the report. “Once a user provides credentials in the dialog, they are posted to an attacker controlled domain.”

Google TAG Ukraine

Google experts confirmed that financially motivated and criminal actors are also attempting to exploit the interest in current events in their campaigns. In one case observed by the TAG team. a threat actor impersonated military personnel to extort money for rescuing relatives in Ukraine.

“TAG has also continued to observe multiple ransomware brokers continuing to operate in a business as usual sense.” concludes Google.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ukraine)

[adrotate banner=”5″]

[adrotate banner=”13″]