Security researchers have detected a new phishing campaign connected to an infamous disinformation threat group, which is targeting European governments as they try to deal with an influx of Ukrainian refugees.
First observed on February 24, the initial phishing email was sent using a compromised account belonging to a member of the Ukrainian armed services, according to Proofpoint.
The email itself piggybacked on news of a recent UN Security Council meeting, and contained a malicious XLS macro later found to deliver the SunSeed malware. The file itself was spoofed to appear as if it contained a recently discovered ‘kill list’ of Ukrainian figures drawn up by Moscow.
The timing also appeared to coincide with Ukrainian CERT warnings of widespread phishing campaigns targeting military personnel and their families, launched by Belarusian group Ghostwriter (UNC1151/TA445).
“The Proofpoint-observed email messages were limited to European governmental entities. The targeted individuals possessed a range of abilities and professional responsibilities. However, there was a clear preference for targeting individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe,” Proofpoint explained.
“This campaign may represent an attempt to gain intelligence regarding the logistics surrounding the movement of funds, materials, and people within NATO member nations.”
While Proofpoint said it didn’t have definitive technical evidence linking the campaign to Ghostwriter, it had observed “several temporal and anecdotal indicators”.
It could be that the group is gathering evidence to help craft more narratives about migrants and refugees intended to sow discord across Europe, a tactic it has used before.
“TA445, which appears to operate out of Belarus, specifically has a history of engaging in a significant amount of disinformation operations intended to manipulate European sentiment around the movement of refugees within NATO countries,” Proofpoint concluded.
“These controlled narratives may intend to marshal anti-refugee sentiment within European countries and exacerbate tensions between NATO members, reducing Western support for the Ukrainian entities involved in armed conflict. This approach is a known factor within the hybrid warfare model employed by the Russian military and by extension that of Belarus.”
Some parts of this article are sourced from:
www.infosecurity-journal.com