According to a recent Google report, Russian and Belarusian cybercriminals have attacked Ukrainian citizens, using the ongoing Russia-Ukraine war as an opportunity to benefit. CSIS reported that in February of 2022, Ukrainian ministries, education, and infrastructure were attacked. This led to a massive loss for the Ukrainian government. Understanding how the Ukrainian systems work gave the cybercriminals a clear picture of how to proceed with their activities.
Threat actors routinely use current affairs as a lure to target people who are concerned about world events. In the recent email phishing scam that targeted the Ukrainian government and other countries, the attackers appealed to the sentiments of the victims. The email contained a message about the Russia-Ukraine war and either asked the recipient to add money to a relief fund or asked directly for monetary help for one of the war victims while quoting a tear-jerking story. These emails have been impacting everyone, from individuals to conglomerates.
Scope of the Attacks
According to the analysis report by Google, two major cybercriminal actors have come to light. They go by the aliases FancyBear and Ghostwriter and have been using email phishing schemes to attack the Ukrainian government. These attackers sent their emails from hacked email addresses, and the hyperlinks in the emails led to landing pages that the attackers controlled. While some attacks were related to digital currencies, others were aimed at obtaining bank details.
The emails that sought digital currency account details were crafted to look official, disguised as a government order to update account information. On clicking the link provided in the email, the potential victim would be directed to a landing page that asked for sensitive information related to their digital wallet. If the victim enters their account details on that page without first verifying the validity of the email, the email sender, or the website link itself, their account will be compromised.
The emails that sought bank details or credit or debit card details were more of a social engineering attack than a simple phishing scam. These emails were designed to garner support from those who are concerned about the war victims and want to support them in any possible way. The email would ask for aid money to be transferred from your account to a relief fund, or it would ask you directly to help a victim in need. These emails would evoke an emotional and very likely financial response from most of us. If, however, you click on the links in such emails without first verifying the sender or checking whether the link provided seems suspicious, you could be victimized.
Spear-phishing attacks that use military-themed emails have also been observed to be on the rise. In such attacks, the email carries a dubious file that may look like a military document reporting on the ongoing war conditions but is actually spyware or malware that can download and activate payloads. These payloads connect to the attacker’s domain, enabling the attacker to upload or download from the device’s network or server, or even to control the device.
Some of the observed cyberwar threats were Distributed Denial of Service (DDoS) attacks aimed at the Ukrainian government. These attacks rendered local governmental devices useless, causing delays in government procedures.
Reaction Against The Cyberwar Action
In a report by The Guardian, Joe Biden stated that the U.S. would respond if the attacks turned out to be a threat to U.S. cybersecurity. Although most Russian cyberattacks have been directed towards the Ukrainian government and other essential systems, organizations in allied nations cannot let their guard down.
Apart from the Russian government, other cybercriminals in unidentified groups have started to act using the Russia-Ukraine war as their attack theme. Google identified China-based attackers targeting European territories and South-East Asian countries and carrying out large attacks through emails by having the victims download files that seemed to report on the Russia-Ukraine war. However, these files were downloaders that fetched other suspicious files, which would steal information from the victim’s local device.
Some cyber attacker groups also started to take sides with either Russia or Ukraine. In a tweet, Anonymous declared that they would support the Ukrainian government and would participate in attacking the Russian government. GhostSec and other cyber attacker groups also participated in a cyberattack against the Russian government.
However, other groups such as Conti declared that they would support the Russian government if any country threatened the safety of Russia. Amidst all this, the attacks on the Ukrainian and Russian governments and militaries have continued to damage the economic state of both countries, along with the daily functioning of average citizens.
While the Russia-Ukraine war doesn’t seem to be nearing an end, a lot of financial and economic damage has surfaced that has threatened the personal safety of Ukrainian citizens and revealed to the world the strategic strength that cyber groups hold today. The overall progress has been halted, but the use of war-themed attacks has shown that the attackers will leave no stone unturned to achieve what they want. Therefore, it’s crucial to keep your guard up and stay wary of cyber threats, such as phishing attacks, in these pressing times.