Google’s Threat Analysis Group (TAG) has reported on several threat actors running phishing and malware campaigns against NATO and other European targets, in particular Eastern European militaries. The groups are targeting numerous organisations across the region.
Google’s advisory names three groups behind the current activity: Ghostwriter, COLDRIVER, and Curious Gorge, all of which are running phishing and malware operations against European targets.
The report notes that the Ghostwriter group has adopted a new technique. In March, the group began using Browser-in-the-Browser (BitB) phishing to steal credentials: the phishing page draws a fake pop-up login window, complete with a forged address bar showing a legitimate URL, entirely in HTML and CSS inside the page, so the usual cue of checking the pop-up’s URL bar no longer helps the victim.
The group hosted these phishing pages on compromised websites and used them to harvest victims’ credentials.
For COLDRIVER, Google reported that the Russia-based group is running credential phishing campaigns against organisations and sectors connected to NATO.
Researchers said last month that these phishing attacks focused on Eastern European militaries and a NATO Centre of Excellence. COLDRIVER has also targeted several US-based non-governmental organisations and think tanks, as well as Ukrainian defence contractors.
The last group highlighted by Google TAG is Curious Gorge, which the team attributes to China’s PLA SSF. It has remained active in the region alongside the campaigns above, targeting government and military organisations in Mongolia, Kazakhstan, Russia, and Ukraine.
Google’s report also describes a financially motivated actor that builds its social-engineering lures around current events to deceive targets.
In one such campaign, the actor impersonated military officials and attempted to extort money for the supposed rescue of relatives and refugees in Ukraine.
Lastly, Google TAG has also observed that ransomware brokers continue to operate in the region at their usual level of activity.
These campaigns against European entities show both the capabilities and the current level of activity of these actors. Experts therefore advise businesses and organisations to remain alert and to follow strict security hygiene. Because techniques such as BitB and conventional credential phishing are designed to survive a user inspecting the URL bar, user training alone is a weak control; phishing-resistant MFA such as FIDO2/WebAuthn security keys, which bind the login to the genuine origin, is the measure that holds even when a credential is entered on a fake page.