Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine

Pro-Russian hacktivist channels amplified the Belarusian disinformation campaign, marking an interesting development, researchers said.

The post Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine appeared first on CyberScoop.

Continue reading Hacktivist personas back latest GhostWriter disinfo op targeting Poland, Ukraine

Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say

Multiple ongoing hacking efforts are either connected to or using the Russian military assault to target a wide range of entities.

The post Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say appeared first on CyberScoop.

Continue reading Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say

Russian, Chinese, Belarusian hackers increasingly using Ukraine-themed lures in attacks, Google observes

The Threat Analysis Group report sheds light on international efforts to leverage the war in hacking campaigns.

The post Russian, Chinese, Belarusian hackers increasingly using Ukraine-themed lures in attacks, Google observes appeared first on CyberScoop.

Continue reading Russian, Chinese, Belarusian hackers increasingly using Ukraine-themed lures in attacks, Google observes

Against backdrop of Russian-Ukraine war, researchers witness flurry of nation-aligned hacking

Hackers believed to be associated with the governments of Russia, Belarus and China are targeting Ukraine, Poland and European governments, researchers say, ranging from espionage attempts to phishing campaigns and coinciding with the intensification of the Russian assault on Ukraine. Shane Huntley, the director of Google’s Threat Analysis Group (TAG), said in a blog post Monday that the group has observed well-known Russian military hacking group Fancy Bear (also known as APT28) conducting several large credential phishing campaigns targeting UkrNet, a Ukrainian media company. Two recent campaigns, he said, involved newly created Blogspot domains as initial landing pages, which then redirected targets to credential phishing pages. TAG also observed a hacking operation known as Ghostwriter, or UNC1151, running credential phishing campaigns over the past week against Polish and Ukrainian government and military organizations. Ghostwriter refers to activity believed to be operating out of Belarus, researchers with cybersecurity firm Mandiant reported […]

The post Against backdrop of Russian-Ukraine war, researchers witness flurry of nation-aligned hacking appeared first on CyberScoop.

Continue reading Against backdrop of Russian-Ukraine war, researchers witness flurry of nation-aligned hacking

NATO countries’ refugee management may have been targeted by Belarus-linked hackers

A hacking group with a history of phishing attacks and disinformation against NATO nations may be using compromised Ukrainian armed service member emails to target European officials tasked with managing logistics around refugees fleeing Ukraine, according to findings published Monday. Researchers with cybersecurity firm Proofpoint report they detected an email Feb. 24 that carried a subject referencing the Feb. 24 emergency meeting of NATO on the day the Russian government began its military attack on Ukraine. The email included an attached Microsoft Excel spreadsheet titled “list of persons.xlsx” that the researchers later determined included malware that, if installed, sought to gather information and intelligence from target computers. The social engineering lure used in this campaign was timely, the researchers said, given the NATO meeting and “a news story about a Russian government ‘kill list’ targeting Ukrainians that began circulating in Western media outlets” Feb. 21. Proofpoint did not definitively attribute […]

The post NATO countries’ refugee management may have been targeted by Belarus-linked hackers appeared first on CyberScoop.

Continue reading NATO countries’ refugee management may have been targeted by Belarus-linked hackers

Facebook, Twitter, Google intercept Russian propaganda, disinformation about Ukraine

In recent days, social media companies have gotten more active in stemming the flow of official Russian propaganda, as well tackling sneakier efforts to spread disinformation about Ukraine. The steps follow pressure from policymakers in the U.S. and elsewhere for social media companies to counter narratives from Russia as it conducts its military offense. Meta, the parent company of Facebook and Instagram, said Monday that it had removed about 40 accounts based out of Russia and Ukraine posing as legitimate news sources, which were pushing the narrative that the West had betrayed Ukraine and that Ukraine was a failed state. It also said it had taken steps to counter hacking threats to Facebook members from Ghostwriter, a suspected Russia- and Belarus-linked disinformation and hacking operation. Also Monday, Twitter said it would add labels to accounts sharing links to Russian state-affiliated media outlets, and was “taking steps to significantly reduce the […]

The post Facebook, Twitter, Google intercept Russian propaganda, disinformation about Ukraine appeared first on CyberScoop.

Continue reading Facebook, Twitter, Google intercept Russian propaganda, disinformation about Ukraine

Facebook, Twitter, Google intercept Russian propaganda, disinformation about Ukraine

In recent days, social media companies have gotten more active in stemming the flow of official Russian propaganda, as well tackling sneakier efforts to spread disinformation about Ukraine. The steps follow pressure from policymakers in the U.S. and elsewhere for social media companies to counter narratives from Russia as it conducts its military offense. Meta, the parent company of Facebook and Instagram, said Monday that it had removed about 40 accounts based out of Russia and Ukraine posing as legitimate news sources, which were pushing the narrative that the West had betrayed Ukraine and that Ukraine was a failed state. It also said it had taken steps to counter hacking threats to Facebook members from Ghostwriter, a suspected Russia- and Belarus-linked disinformation and hacking operation. Also Monday, Twitter said it would add labels to accounts sharing links to Russian state-affiliated media outlets, and was “taking steps to significantly reduce the […]

The post Facebook, Twitter, Google intercept Russian propaganda, disinformation about Ukraine appeared first on CyberScoop.

Continue reading Facebook, Twitter, Google intercept Russian propaganda, disinformation about Ukraine

Ukrainian cyber officials warn of new wave of phishing attacks

Ukrainian officials warned Friday that Belarusian hackers are sending a wave of phishing emails targeting Ukrainian soldiers and civilians. “Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals,” Ukraine’s Computer Emergency Response Team wrote in a Facebook post Friday. Both URLs belong to Ukraine-based email services. Once an account is compromised, hackers gain access to the target’s messages and their contact details, allowing them to send additional phishing emails to their contacts, the CERT said. Ukraine’s State Service of Special Communications and Information Protection issued a separate warning Friday about a phishing attack against civilian emails containing potentially malicious attached files. Warning ⚠️ A phishing #attack has started against Ukrainians! Citizens’ e-mail addresses receive letters with attached files of uncertain nature. The mass distribution of such messages to messengers may happen. #cyberattacks #Ukraine pic.twitter.com/YPvFH2oNk0 — SSSCIP Ukraine (@dsszzi) February 25, 2022 The […]

The post Ukrainian cyber officials warn of new wave of phishing attacks appeared first on CyberScoop.

Continue reading Ukrainian cyber officials warn of new wave of phishing attacks

Cyberattacks on Ukrainian websites come into clearer focus as Russia tensions escalate

Cybersecurity researchers shed additional light over the weekend on the cyberattacks that disabled Ukrainian government websites, as Kyiv pointed to Russia as the culprit. Microsoft and ESET both shared details on the nature of the malware that took the Ukrainian sites down. Microsoft “assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom,” the company wrote in a blog post Saturday. However, Microsoft said it couldn’t yet attribute who was behind the malware, labeled WhisperGate. The Department of Homeland Security’s Cybersecurity and Infrastructure Agency recommended that network defenders review the Microsoft blog post, suggesting the possibility that the attacks could spread to include other targets. ESET on Sunday elaborated further, saying that the malware the attackers contained code “commonly used by commodity e-crime malware.” “It […]

The post Cyberattacks on Ukrainian websites come into clearer focus as Russia tensions escalate appeared first on CyberScoop.

Continue reading Cyberattacks on Ukrainian websites come into clearer focus as Russia tensions escalate

Belarus: Cyber upstart, or Russian staging ground?

As the prospect of further Russian aggression in Ukraine looms, the Biden administration is concerned about Russian cyber operations against the U.S. and its allies. Yet as the White House engages with Moscow and builds out plans around these risks, it must watch an overlooked development in Russia’s near-abroad: growing cyber integration between Belarus and the Kremlin. In November 2021, Mandiant published a report assessing with “high confidence” that the UNC1151 cyber group, which assisted the longstanding “Ghostwriter” campaign — stealing government credentials and spreading disinformation in Europe — is linked to the Belarusian government. It also assessed with “moderate confidence” that Belarus “is also likely at least partially responsible for the Ghostwriter campaign.” Significantly, the report’s authors added: “We cannot rule out Russian contributions to either UNC1151 or Ghostwriter.” The report raises the prospect that Belarus is engaged in cyber-enabled influence operations abroad, and the authors explicitly say that Moscow’s […]

The post Belarus: Cyber upstart, or Russian staging ground? appeared first on CyberScoop.

Continue reading Belarus: Cyber upstart, or Russian staging ground?