
Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks

Researchers have uncovered a new influence operation targeting Ukraine that uses spam emails to spread war-related disinformation. Slovak company ESET has linked this activity to Russia-aligned threat actors and identified a spear-phishing campaign aimed at a Ukrainian defense company in October 2023 and a European Union agency in November 2023 to harvest login credentials using fake landing pages. The entire campaign has been codenamed Operation Texonto. It has yet to be attributed to a specific threat actor. However, some elements overlap with COLDRIVER, which has a history of harvesting credentials via bogus sign-in pages.

The disinformation operation took place over two waves in November and December 2023. The email messages bore attachments and content related to heating interruptions, drug shortages, and food shortages. The November wave targeted at least a few hundred recipients in Ukraine, including the government, energy companies, and individuals. How the target list was created is currently unknown.

The second disinformation email campaign that commenced on December 25, 2023, expanded its targeting beyond Ukraine to include Ukrainian speakers in other European nations. All the messages were written in Ukrainian and sent to a diverse set of targets ranging from the Ukrainian government to an Italian shoe manufacturer.

One of the domains used to propagate the emails in December 2023, infonotification[.]com, also sent hundreds of spam messages beginning January 7, 2024, redirecting potential victims to a fake Canadian pharmacy website.

According to ESET, Operation Texonto shows yet another use of technologies to influence the war. The development comes as Meta, in its quarterly Adversarial Threat Report, said it took down three networks from , Myanmar, and Ukraine across its platforms that engaged in coordinated inauthentic behavior (CIB).

Want to read more? Check out the original article available at The Hacker News!

Deitasoft © 2024. All Rights Reserved.