Cybersecurity researchers discovered a new influence operation targeting Ukraine that was utilizing spam emails to spread disinformation related to war. Codenamed Operation Texonto, the operation occurred in two waves over November and December 2023. While the operation has not been attributed to a specific threat actor, the campaign was linked to Russian-aligned threat actors by Slovak cybersecurity company ESET.

The first wave of the campaign targeted several hundred Ukrainian sectors including the energy sector, the government, and even private individuals. The second wave of the campaign expanded its targets outside of Ukraine and included Ukrainian speakers from other European nations. This disinformation operation utilized PDF attachments to emails with content describing food and drug shortages as well as heating disruptions. The emails originated from a spoofed email address posing as the Ministry of Agrarian Policy and Food of Ukraine. The emails sent during the second wave in December encouraged recipients to take extreme measures to avoid military deployment. ESET found that one of the domains used to transmit the phishing emails also began sending hundreds of spam messages in early January 2024. These developments emerged as Meta published its quarterly Adversarial Threat Report wherein it reported the takedown of three separate networks that engaged in coordinated inauthentic behavior (CIB).

Read More: https://thehackernews.com/2024/02/russian-hackers-target-ukraine-with.html