Powered by MOMENTUM MEDIA

State-sponsored cyber actor exploits Ukraine crisis, targets European governments

A possible state-sponsored phishing campaign is exploiting the Ukrainian crisis to undermine European government officials assisting asylum seekers, according to new research.

Cyber security company Proofpoint has identified a likely state-sponsored phishing campaign potentially using a compromised Ukrainian armed service member’s email account to target European government personnel involved in assisting refugees fleeing war-torn Ukraine.

The email reportedly included a malicious macro attachment designed to bait recipients into downloading Lua-based malware known as SunSeed.

According to Proofpoint, the attack resembles a previous campaign identified in July 2021, suggesting the same malicious actor could be responsible for this latest campaign.

The identification of this latest phishing campaign follows warnings from the Ukrainian Computer Emergency Response Team (CERT-UA) and the State Service of Special Communications and Information Protection of Ukraine.

The agencies have flagged attacks targeting private email accounts of Ukrainian armed service members by ‘UNC1151’, monitored by Proofpoint as part of its tracking of threat actor TA445, reportedly based in Belarus.

“While Proofpoint has not definitively attributed this campaign to the threat actor TA445, researchers acknowledge that the timeline, use of compromised sender addresses aligning with Ukrainian government reports, and the victimology of the campaign align with published TA445 tactics to include the targeting and collection around refugee movement in Europe,” Proofpoint noted in a statement.

Proofpoint expects proxy actors like TA445 to continue targeting European governments to gather intelligence on the movement of refugees from Ukraine and other issues of importance to the Russian government.

“TA445, which appears to operate out of Belarus, specifically has a history of engaging in a significant volume of disinformation operations intended to manipulate European sentiment around the movement of refugees within NATO countries,” Proofpoint added.

“These controlled narratives may intend to marshal anti-refugee sentiment within European countries and exacerbate tensions between NATO members, decreasing Western support for the Ukrainian entities involved in armed conflict.

“This approach is a known factor within the hybrid warfare model employed by the Russian military and by extension that of Belarus.”

Proofpoint noted that its decision to publish this report aimed to “balance accuracy with responsibility”, disclosing “actionable intelligence” amid a “high-tempo conflict”.
