Google’s Threat Analysis Group says a “growing number” of government-backed hacking groups are using Russia’s war on Ukraine as a lure in phishing and malware campaigns. Hackers associated with China, Iran, North Korea, and Russia, along with other unattributed groups, are using “various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links.” In addition, a Russia-based hacking group has targeted several U.S. nongovernmental organizations and think tanks, the military of a Balkans country, and a Ukrainian defense contractor, according to Google.
Ukraine has received more than $70m in crypto donations since the invasion of the country began, as it turned to cryptocurrency and NFTs to fund its defence against Russia. However, this has created a surge in scam emails with subject lines such as ‘Help Ukraine’. When people donate to these fake websites and groups, the money goes straight to the scammer.
Within the last two weeks, a Russia-based hacking group has targeted several U.S. nongovernmental organizations and think tanks, the military of a Balkans country, and a Ukrainian defense contractor, Google reported Wednesday.
The activity, attributed to a group Google calls “Cold River” but others know as “Calisto,” is the first time the Google researchers have observed the group targeting “multiple Eastern European countries, as well as a NATO Centre of Excellence,” Billy Leonard, a Google security engineer, said in a post on Google’s Threat Analysis Group blog.
Financially motivated and criminal hackers are also using the war to target victims, such as in one case Google observed where somebody was impersonating military personnel to extort money for rescuing relatives in Ukraine, the report says. In another attempt, a Belarusian threat actor known as Ghostwriter has been spotted using the recently disclosed browser-in-the-browser technique as part of its credential phishing campaigns exploiting the ongoing Ukrainian conflict. The method simulates a browser pop-up window, including an address bar that displays a legitimate domain, inside the content of the page the victim is already viewing, which makes it possible to conduct convincing social engineering campaigns.
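The defensive point about the browser-in-the-browser trick is that the "address bar" the victim sees is only painted text: the real origin of the page never changes. The following heuristic scanner is an added example and not code from Google's Threat Analysis Group or from the report described above. It assumes a defender has the fetched HTML of a suspect page and its real origin (the hostnames `phish.example` and `login.legit-site.example` in the sample are constructed placeholders), and it flags any URL rendered as visible text whose hostname differs from the real origin when the same page also collects credentials or embeds an iframe.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a page served from a phishing host that draws a fake
# pop-up window whose painted address bar claims a different, legitimate host.
SAMPLE_HTML = """
<html><body>
<div class="fake-window">
  <div class="titlebar">Sign in</div>
  <div class="addressbar">https://login.legit-site.example/signin</div>
  <form action="/collect">
    <input type="text" name="user">
    <input type="password" name="pass">
  </form>
</div>
</body></html>
"""

# URL-looking text; hypothetical pattern, good enough for a heuristic.
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+(?:/[^\s<\"']*)?")


class BitbScanner(HTMLParser):
    """Collect URLs that appear as visible text (not as href attributes) and
    note whether the page has a password field or an iframe. Heuristic only."""

    def __init__(self):
        super().__init__()
        self.displayed_urls = []
        self.has_credential_field = False
        self.has_iframe = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_credential_field = True
        if tag == "iframe":
            self.has_iframe = True

    def handle_data(self, data):
        # Text nodes: this is where a painted "address bar" ends up.
        for m in URL_RE.finditer(data):
            self.displayed_urls.append(m.group(0))


def scan_for_bitb(html, actual_origin):
    """Return the sorted set of hostnames shown as text on the page that do not
    match the page's real origin, but only if the page also asks for a password
    or embeds an iframe (otherwise a quoted URL in prose is normal)."""
    parser = BitbScanner()
    parser.feed(html)
    real_host = urlparse(actual_origin).hostname
    if not (parser.has_credential_field or parser.has_iframe):
        return []
    suspicious = set()
    for url in parser.displayed_urls:
        host = urlparse(url).hostname
        if host and host != real_host:
            suspicious.add(host)
    return sorted(suspicious)


if __name__ == "__main__":
    # Real origin differs from the painted one: flag it.
    print(scan_for_bitb(SAMPLE_HTML, "https://phish.example/"))
    # Same page served from the host it claims: nothing to flag.
    print(scan_for_bitb(SAMPLE_HTML, "https://login.legit-site.example/"))
```

The check deliberately compares hostnames only, since a phishing page can freely choose the path and query of its painted URL; the one thing it cannot fake is the origin the browser actually loaded, which is why user guidance for this technique is to try dragging the "pop-up" outside the real browser window, something a simulated window cannot do.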