- The 25+ best Black Friday Nintendo Switch deals 2024
- Why there could be a new AI chatbot champ by the time you read this
- The 70+ best Black Friday TV deals 2024: Save up to $2,000
- This AI image generator that went viral for its realistic images gets a major upgrade
- One of the best cheap Android phones I've tested is not a Motorola or Samsung
Global APT Groups Use Ukraine War for Phishing Lures
Security researchers have detected multiple APT campaigns leveraging Ukraine war-themed documents and news sources to lure victims into clicking on spear-phishing links.
Check Point Research said victim locations ranged from South America to the Middle East, with malware downloads designed to perform keylogging and screenshotting and execute commands.
The threat groups in question include El Machete, which is targeting the financial and government sectors in Nicaragua and Venezuela with malicious macro-laden Word documents containing articles on the war.
One of the docs was an article written by the Russian ambassador to Nicaragua titled: “Dark plans of the neo-Nazi regime in Ukraine.”
Another is Lyceum, an Iranian state-linked group targeting the energy sector with emails about war crimes in Ukraine that link to a malicious document hosted elsewhere. Its victims so far have been in Israel and Saudi Arabia, according to Check Point.
One email contained a link to an article from The Guardian hosted on the news-spot[.]live domain, alongside several malicious docs about the war.
The last of the three groups is SideWinder, which has been linked to India in the past. Targeting Pakistani victims, its lure is a purported document from the National Institute of Maritime Affairs of Bahria University in Islamabad, titled “Focused Talk on Russian Ukraine Conflict Impact on Pakistan.”
Sergey Shykevich, threat intelligence group manager at Check Point Software, argued that cyber-espionage is the likely end goal for the APT groups.
“Our findings reveal a clear trend, that collateral around the war between Russia and Ukraine has become a lure of choice for threat groups worldwide,” he added.
“I strongly recommend governments, banks and energy companies to reiterate cyber-awareness and education to employees, and to implement cybersecurity solutions that protect the network on all levels.”
In related news, Check Point claimed to have seen an increase in cyber-attacks globally of 16% since the start of the war, including a rise of 10% within Russia and 17% in Ukraine.