According to Google, financially motivated actors across the globe are still using the war in Ukraine as a phishing lure for campaigns. Recently, Chinese threat groups have been targeting Russia, the tech giant says. In Google’s Threat Analysis Group (TAG) quarterly bulletin reported that the governments of China, Iran, North Korea, and Russia were responsible for several attacks leveraging the conflict for financial gain and scamming. The Chinese People’s Liberation Army (PLA) have been targeting Russian assets despite Beijing’s approval of the invasion. In addition, security researchers are surprised by the attacks because of the relatively close geopolitical relationship between the country’s governments.

The PLA attacks targeted Russian government, military, logistics, and manufacturing organizations. In addition, the PLA hit targets in Asia and Ukraine. The campaign has been active for a while, and has targeted Russian defense contractors as well as the Ministry of Foreign Affairs. TAG also observed the Russian hacking group Fancy Bear targeting users in Ukraine with password stealing malware and phishing emails. TAG also reportedly detected the Turla group, which is thought to be a part of Russia’s FSB, running phishing campaigns against targets in the Baltics.

Read More: State-Backed Chinese Hackers Target Russia