- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
- 세일포인트 기고 | 2025년을 맞이하며… 머신 아이덴티티의 부상이 울리는 경종
Global APT Groups Use Ukraine War for Phishing Lures
Security researchers have detected multiple APT campaigns leveraging Ukraine war-themed documents and news sources to lure victims into clicking on spear-phishing links.
Check Point Research said victim locations ranged from South America to the Middle East, with malware downloads designed to perform keylogging and screenshotting and execute commands.
The threat groups in question include El Machete, which is targeting the financial and government sectors in Nicaragua and Venezuela with malicious macro-laden Word documents containing articles on the war.
One of the docs was an article written by the Russian ambassador to Nicaragua titled: “Dark plans of the neo-Nazi regime in Ukraine.”
Another is Lyceum, an Iranian state-linked group targeting the energy sector with emails about war crimes in Ukraine that link to a malicious document hosted elsewhere. Its victims so far have been in Israel and Saudi Arabia, according to Check Point.
One email contained a link to an article from The Guardian hosted on the news-spot[.]live domain, alongside several malicious docs about the war.
The last of the three groups is SideWinder, which has been linked to India in the past. Targeting Pakistani victims, its lure is a purported document from the National Institute of Maritime Affairs of Bahria University in Islamabad, titled “Focused Talk on Russian Ukraine Conflict Impact on Pakistan.”
Sergey Shykevich, threat intelligence group manager at Check Point Software, argued that cyber-espionage is the likely end goal for the APT groups.
“Our findings reveal a clear trend, that collateral around the war between Russia and Ukraine has become a lure of choice for threat groups worldwide,” he added.
“I strongly recommend governments, banks and energy companies to reiterate cyber-awareness and education to employees, and to implement cybersecurity solutions that protect the network on all levels.”
In related news, Check Point claimed to have seen an increase in cyber-attacks globally of 16% since the start of the war, including a rise of 10% within Russia and 17% in Ukraine.