Nation-State Hackers Ramp Up Ukraine War-Themed Attacks

Published : 23/11/2024   Category : security




Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.



The Belarus-based operator of an organized and ongoing disinformation campaign in Europe called Ghostwriter is using a new, hard-to-detect phishing technique to target organizations in Ukraine just days after a researcher highlighted the method in a blog post.
The method, dubbed browser-in-the-browser, basically involves the threat actor drawing a browser window within a browser to impersonate the entire pop-up login window — including URL — of a legitimate domain. Users get fooled into entering login details when they land on these spoofed account login windows because the URL looks legitimate.
Researchers from Google's Threat Analysis Group (TAG) highlighted Ghostwriter's use of the new tactic in an update this week on recent malicious activities it has observed from numerous threat actors that either are related to the war in Ukraine or are using it as a lure.
In a blog post, a researcher from TAG said the group had observed the operator of Ghostwriter in recent days combine the use of the browser-in-browser tactic with a previous trick it has used of hosting phishing pages on compromised sites. The researcher described the browser-in-browser tactic as something the group had only previously observed multiple government-backed actors quietly using in phishing campaigns.
The Ghostwriter operator's use of the new browser phishing technique highlights a threat dynamic that isn't often discussed, says Casey Ellis, founder and CTO at Bugcrowd. Increased scrutiny of attacker tactics, and subsequent sharing of those tactics, broadens the potential audience for those techniques, he says.
Ukraine Warnings
Google's update on Ghostwriter follows recent warnings from others, including Ukraine's Computer Emergency Response Team (CERT-UA) and vendors such as Mandiant, about the threat group's widespread credential phishing attacks against Ukrainian military personnel and other individuals in the days leading up to and during the war.
The Ghostwriter campaign is one of several tied to Ukraine that Google has been tracking in recent weeks. According to TAG, nation-state-backed threat actors from Iran, China, North Korea, and Russia and numerous other criminal and financially motivated groups are all using Ukraine-war-related themes in phishing campaigns, online extortion attempts, and other malicious activities.
Many of the attacks have targeted organizations in Ukraine. But others have affected US nongovernmental organizations (NGOs) and government and military entities in multiple other countries as well. Among them is a campaign by Curious Gorge, a threat group that is believed to have ties with the strategic support force of China's People's Liberation Army. According to Google, over the last two weeks it has observed the threat actor conducting malicious cybercampaigns against military and government organizations in Russia, Ukraine, Mongolia, and Kazakhstan.
Another example is Coldriver, aka Calisto, a Russian-based threat group that Google said had recently launched a credential phishing campaign targeting multiple US-based think tanks, NGOs, a Ukraine-based defense contractor, and the military of a Balkans nation.
Google TAG's latest update is the second this month on Ukraine-related cyber-threat activity. On March 7, TAG issued an alert on new cyber-espionage and phishing campaigns that it had observed from groups such as Russia's APT28/FancyBear, Belarus' UNC1151/Ghostwriter, and China's Mustang Panda.
The Russia-Ukraine conflict creates a backdrop of uncertainty, misinformation, and generally problematic Internet activity, providing ample cover for malicious activities, Ellis says. This, in turn, emboldens a variety of potential threat actors, ranging from nation-states to curious individuals.
