State-Backed Chinese Hackers Target Russia
Financially motivated and state-sponsored actors around the globe continue to use the war in Ukraine as a lure for phishing campaigns, with Chinese groups targeting Russia of late, according to Google.
The tech giant’s Threat Analysis Group (TAG) claimed in its new quarterly bulletin that the usual governments of China, Iran, North Korea and Russia were responsible for many of the attacks recorded over the period.
Interestingly, Chinese People’s Liberation Army (PLA) actors continue to target Russian assets, despite Beijing’s tacit approval of the invasion of Ukraine and an increasingly close geopolitical relationship between the two autocracies.
The PLA attacks targeted government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia, according to TAG.
“In Russia, long-running campaigns against multiple government organizations have continued, including the Ministry of Foreign Affairs,” it added. “Over the past week, TAG identified additional compromises impacting multiple Russian defense contractors and manufacturers and a Russian logistics company.”
Elsewhere, TAG observed the infamous Russian APT28/Fancy Bear group targeting users in Ukraine with new password-stealing malware delivered via booby-trapped email attachments.
It also claimed to have detected the Turla group, thought to be part of Russia’s FSB, continuing to run phishing campaigns against targets in the Baltics.
A third Russian state actor, Coldriver/Callisto, continued to use Gmail accounts to send phishing emails to government and defense officials, politicians, NGOs, think tanks and journalists, TAG added.
Elsewhere, it noted that the Belarusian Ghostwriter group resumed targeting Gmail accounts via credential phishing, particularly “high-risk” individuals in Ukraine.
Last week, Microsoft released new threat intelligence claiming that Russian state-aligned actors had launched 237 campaigns against Ukrainian targets since just before the invasion and that more were likely on their way.
Pre-positioning for such attacks began as far back as March 2021, it noted.