New Delhi: Lending weight to US warnings of possible cyber threats from Russian hackers, Google's Threat Analysis Group (TAG) has found Russian government-sponsored hackers targeting the North Atlantic Treaty Organization (NATO) and multiple Eastern European countries. Financially motivated and criminal actors are using the current Ukraine-Russia war as a means of targeting users.
COLDRIVER, a Russia-based threat actor sometimes referred to as Calisto, has launched credential phishing campaigns targeting several US-based NGOs and think tanks, the military of a Balkans country, and a Ukraine-based defence contractor.
"However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence. These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown. We have not observed any Gmail accounts successfully compromised during these campaigns," Billy Leonard of the Threat Analysis Group wrote in a blog post.
One such threat actor is impersonating military personnel to extort money for rescuing relatives in Ukraine, Google's Threat Analysis Group said, adding that it has continued to observe multiple ransomware brokers operating in a business-as-usual sense.
Meanwhile, earlier this week, the FBI cautioned against a possible hacking attempt by Russian hackers, who have been found scanning the networks of five US energy firms. The alert to the industry comes in the wake of a possible state-sponsored hacking attempt by Russia that poses a "current" threat to American national security, a top FBI official told lawmakers.