Phishing Campaign Targeted Those Aiding Ukraine Refugees
Cyberattackers allegedly hijacked a Ukrainian military email address and leveraged its credibility to spread malicious email macros among EU personnel helping Ukrainians during the crisis with Russia. Among those targeted includes EU government employees who have been involved in managing the logistics of Ukrainians who are fleeing the country due to the violence. Ukraine has suffered from an unprecedented wave of cyberattacks over the past few weeks, experiencing heightened and aggressive amounts of denial-of-service (DDoS) campaigns against organizations and citizens. In addition, Ukraine has seen attacks against national infrastructure and vital organizations.
This time, instead of targeting Ukraine itself, the attackers targeted those aiding the country. The emails distributed to EU organizations contained Microsoft Excel files laced with malware that infected the targets’ computers once downloaded. Researchers found ties between the phishing attempt and the APT Ghostwriter. Ghostwriter has previously been linked with the government of Belarus. The attacks come amid the news of Russia’s invasion and subsequent war against Ukraine.