Hackers Are Targeting The Ukraine Refugee Crisis
Ukrainian government agencies and cybersecurity companies warn about attempts to hack organizations helping hundreds of thousands leave the country as it is bombarded by Russian bombs. (Photo by Michael Kappeler/picture alliance via Getty Images)
dpa/picture alliance via Getty Images
Cyberattacks have been launched on organizations and individuals helping refugees trying to get out of Ukraine. Some may have been carried out by a Belarus-linked hacking group and the attackers have access to an email account of at least one Ukrainian military officer, according to American cybersecurity researchers.
Earlier this week, phishing attacks were launched on targets across Ukraine, pretending to come from the country’s security services, the SBU, offering information on evacuation plans. The Ukraine government put a warning out that it was a fake and that the linked documents in the emails were actually malware. Forbes obtained a screenshot of one of the phishing emails, which was sent to a Gmail account and came with a Google warning that “similar messages were used to steal people’s personal information.” The messages asked for evacuation plans, according to the SBU, and contained an attachment letter, later deemed to contain malware. Researchers from the Slovakia-based internet security company ESET later told Forbes it was malware based on Microsoft’s Remote Utilities software for Windows, allowing outside access to computers. “The sample is fresh, but malware itself is not so sophisticated,” an ESET spokesperson said.
A phishing warning goes out on Facebook from the State Service of Special Communication and Information Protection of Ukraine.
State Service of Special Communication and Information Protection of Ukraine
On Wednesday, researchers at U.S.-based cybersecurity company Proofpoint confirmed different “evacuation-themed” phishing attacks targeted an unnamed European government entity. Proofpoint security researchers looked at emails sent by address ending in @ukr[.]net, a “possibly compromised Ukrainian armed service member’s email account.” The emails, which targeted “European government personnel involved in managing the…