- The newest Echo Show 8 just hit its lowest price ever for Black Friday
- 기술 기업 노리는 북한의 가짜 IT 인력 캠페인··· 데이터 탈취도 주의해야
- 구글 클라우드, 구글 워크스페이스용 제미나이 사이드 패널에 한국어 지원 추가
- The best MagSafe accessories of 2024: Expert tested and reviewed
- Threads will show you more from accounts you follow now - like Bluesky already does
Ukraine Refugee Aid Targeted by Phishing Campaign
European officials are being targeted by what appears to be a state-sponsored phishing campaign aimed at disrupting their efforts to help Ukrainian refugees, cybersecurity company Proofpoint said Wednesday.
According to the company’s researchers, the attackers are using what’s possibly a compromised Ukrainian armed service member’s email account to target officials managing the logistics of refugees fleeing that country. The emails carry a malicious macro attachment that attempts to download dangerous malware, dubbed by the researchers as SunSeed, onto the target’s computer.
The campaign comes as Russian troops advance on Ukraine’s capitol, prompting hundreds of thousands of people to flee and choking Ukraine’s border crossings with several counties, including Poland, Hungary, Slovakia and Romania. According to Proofpoint, the campaign could be an attempt to figure out where those people, as well as the resources needed to help them, could be headed next.
Though the targeted European officials had various expertise and job responsibilities, the attackers seemed to focus on people with responsibilities related to transportation; financial and budget allocation; administration; and population movement within Europe.
“This campaign may represent an attempt to gain intelligence regarding the logistics surrounding the movement of funds, supplies, and people within NATO member countries,” the researchers wrote in their report.
While the researchers didn’t directly attribute the campaign to a specific country or cybercrime group, they did note that from a technical standpoint it’s similar to previous actions tied to an attacker known as Ghostwriter, or TA445, believed to be operating out of Belarus.
That attacker also has been tied to large disinformation operations bent on manipulating European public opinion related to refugees within NATO countries, Proofpoint said.