Hackers Are Targeting The Ukraine Refugee Crisis

Cyberattacks have been launched on organizations and individuals helping refugees trying to get out of Ukraine. Some may have been carried out by a Belarus-linked hacking group and the attackers have access to an email account of at least one Ukrainian military officer, according to American cybersecurity researchers.

Earlier this week, phishing attacks were launched on targets across Ukraine, pretending to come from the country’s security services, the SBU, offering information on evacuation plans. The Ukraine government put a warning out that it was a fake and that the linked documents in the emails were actually malware. Forbes obtained a screenshot of one of the phishing emails, which was sent to a Gmail account and came with a Google warning that “similar messages were used to steal people’s personal information.” The messages asked for evacuation plans, according to the SBU, and contained an attachment letter, later deemed to contain malware. Researchers from the Slovakia-based internet security company ESET  later told Forbes it was malware based on Microsoft’s Remote Utilities software for Windows, allowing outside access to computers. “The sample is fresh, but malware itself is not so sophisticated,” an ESET spokesperson said.

On Wednesday, researchers at U.S.-based cybersecurity company Proofpoint confirmed different “evacuation-themed” phishing attacks targeted an unnamed European government entity. Proofpoint security researchers looked at emails sent by address ending in @ukr[.]net, a “possibly compromised Ukrainian armed service member’s email account.” The emails, which targeted “European government personnel involved in managing the…