State-backed hackers ramp up cyber operations in Eastern Europe: Google
Government-backed hackers from Russia, China, Iran and North Korea have been increasing their efforts over the past few weeks to target critical infrastructure in Eastern Europe and Central Asia, according to the latest cyber threat update from Google.
The tech giant said in a blog post on Tuesday that the hackers are “using the war as a lure in phishing and malware campaigns” as they attempt to target critical sectors including telecommunications, manufacturing and the oil and gas industry.
“[The hackers] have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links,” Google said in the blog post.
For instance, a hacker group known as APT28 or Fancy Bear, affiliated with Russia’s military intelligence agency GRU, targeted users in Ukraine with a new variant of malware that was distributed via email attachments.
Another Russian-backed group known as Turla launched phishing campaigns against the Baltics, targeting defense and cybersecurity organizations in the region.
The Google update follows a growing number of alerts and reports, from both governments and other tech companies, indicating that Russia is expanding its cyber activities in Ukraine and beyond.
Just last week, Microsoft released a report revealing that at least six Russian-backed hacking groups have launched more than 200 cyberattacks against Ukraine, including nearly 40 destructive attacks that targeted government agencies and critical infrastructure.
The report also found that the hackers were involved in a broad range of espionage and intelligence activities in Ukraine. Microsoft also revealed that the hackers launched disinformation and espionage campaigns against NATO member states.
In a report released in late March, Google found that Russian-backed hackers attempted to penetrate the networks of NATO, U.S.-based nongovernmental organizations and the militaries of several Eastern European countries.
The hackers also launched phishing campaigns targeting U.S. think tanks, the military of a Balkans country and a Ukraine-based defense contractor.