The Threat Analysis Group reported that, “For citizens in Ukraine and the surrounding region, online security is critical right now. It is required for government organisations, independent publications and public service providers to function as well as for individuals to communicate safely. Google has been working around the clock to ensure the safety and security of our users as well as the platforms that allow them to access and exchange critical information.”
This project builds on our long-standing efforts to combat threat actors in the region. TAG has issued hundreds of government-backed attack warnings to Ukrainian users, alerting them to the fact that they have been the subject of government-backed hacking, primarily from Russia.
TAG has seen activity from a number of threat actors we monitor on a regular basis and are well-known to law enforcement, including FancyBear and Ghostwriter, over the last two weeks. This activity includes everything from espionage to phishing scams. We’re sharing this information with the security community and high-risk consumers to help raise awareness:
The news follows a warning from Ukraine’s Computer Emergency Response Team (CERT-UA) about phishing tactics aimed at Ukr.net users, which entail sending messages from compromised accounts with links to attacker-controlled credential harvesting URLs.
Another cluster of threat activity involves Ukr.net, Yandex.ru, wp.pl, rambler.ru, meta.ua, and i.ua webmail users who have been targeted by phishing attacks by a Belarusian threat actor known as Ghostwriter (aka UNC1151).
The infection sequence involved a malicious URL embedded in a phishing email sent to a diplomat from a European NATO country. When clicked, the link delivered an archive file containing a dropper, which then downloaded a decoy document to retrieve the final-stage PlugX malware.
The development comes as a deluge of distributed denial-of-service (DDoS) attacks has pounded a number of Ukrainian sites, including those linked to the Ministry of Defense, Foreign Affairs, and Internal Affairs, as well as services like Liveuamap.
Hackers claimed to have taken down the Russian Federal Security Service’s website and disrupted live feeds for various Russian TV networks and streaming sites, including Wink, Ivi, Russia 24, Channel One, and Moscow 24, in order to broadcast conflict images from Ukraine.
Finally, the researchers concluded that, “The development of an IT Army, a crowdsourced Ukrainian government project that uses digital warfare to damage Russian government and military targets, has generated a series of counterattacks against Russia. This coincides with Russia’s decision to ban Facebook and other widely used social media platforms as well as technological businesses from the United States severing links with Russia, thus erecting an iron curtain and restricting online access.”