About 60 percent of all “Russian government-sponsored phishing attacks” in the first quarter of this year are said to be aimed at targets in Ukraine. Organizations from Belarus are also said to attack targets in Ukraine on a large scale.
So writes Google’s Threat Analysis Group (TAG), based on its own research. The research team names a few malicious hacker organizations that are allegedly affiliated with the Russian government and that have carried out attacks on targets in Ukraine for geopolitical reasons.
For example, the organization Sandworm, also known as Frozenbarents, targeted the energy infrastructure of Ukraine in the first quarter of 2023. The organization reportedly sought to penetrate the Eastern European energy sector with, among other things, phishing text messages and fake Windows updates. The organization also attacked Ukrainian military targets. Sandworm falls under Unit 74455 of Russian military intelligence, according to TAG.
Another organization called APT28, referred to as Frozenlake by Google, is said to have targeted Ukrainian individuals with phishing emails. Via malicious websites, attempts were then made to collect victims’ login details.
Although researchers from Google’s cybersecurity team write that Ukraine remains the main focus of Russian cyber attacks, this is the first time that concrete figures have been shared. Earlier, TAG wrote more abstractly that “many Russian state-sponsored cyber attackers continue to target Ukraine.” The team does, however, quantify the number of blocked YouTube channels linked to ‘coordinated Russian influence campaigns’ every quarter. There are on average a few tens to hundreds per month.
In addition to targeted phishing attacks, TAG also detects various YouTube channels with ‘coordinated Russian influence campaigns’.
Source: Google / Threat Analysis Group