According to cybersecurity research from Google’s Threat Analysis Group (TAG), government backed hackers from Russia, China, Iran, and North Korea are exploiting Russia’s invasion of Ukraine. The attacks leverage public interest in the conflict and are designed to steal login credentials, sensitive information, and money from victims spanning several countries. The campaigns contain specific lures that attract more victims to click on malicious links. In the past two weeks alone, Google stated that several hacking groups have taken advantage of the war to further their malicious campaigns.
One instance is the Russian based hacking group referred to as Calisto and Coldriver. Their targets include several US-based NGOs and think tanks, military entities in multiple Eastern European countries, the military of a Balkans company, Ukrainian organizations, and a NATO Centre of Excellence, among others. The group has reportedly been exploiting the crisis for its own gain, using themes and lures related to the conflict.
Read More: Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts