Google TAG disclosed that multiple cybercriminals are actively targeting NATO and Eastern European countries. These attackers are launching phishing and malware attacks against targeted individuals and organizations. Google’s report covers three specific groups actively involved in the attacks.
The report highlights that the Russia-based threat group identified as COLDRIVER is carrying out credential phishing attacks.
These attacks are aimed at the NATO Center of Excellence and Eastern European militaries.
Additionally, the hackers targeted a Ukrainian defense contractor, multiple U.S.-based NGOs, and think tanks.
It hosted credential phishing landing pages on compromised sites, which were used to steal victims' login credentials.
The report also provides details about financially motivated cybercriminals using additional means, such as using current affairs to social engineer their targets.
In one such instance, the attacker impersonated military officials and attempted to extort money in return for a rescue operation for relatives in Ukraine.
TAG has observed that multiple ransomware brokers are still operating at their usual capability.
The recent attacks aimed at European governments and businesses show the destructive instincts of cybercriminals who could go to any length. Businesses in impacted regions are advised to stay alert and proactively follow the recommendations issued by CERT-UA.