European officials aiding Ukraine got targeted by Asylum Ambuscade

March 14, 2022
European Officials Aiding Ukraine Asylum Ambuscade Spear Phishing Campaign

A spear-phishing cyberattack campaign dubbed Asylum Ambuscade was seen targeting the European government officials that aided the Ukrainian refugees trying to flee their country after the invasion of Russia.

The said cyberattack is still ongoing, and many European entities are trying to help confirm that they suffered from such attacks.

State-sponsored threat actors are believed to have infected a Ukrainian armed service member’s email account to compromise European government staff helping refugees from the invaded country.

The phishing messages include a weaponized macro payload developed to download the SunSeed malware attached to utilise the ‘emergency meeting’ of the North Atlantic Treaty Organisation (NATO) Security Council to lure the European aiders.

Some experts mentioned several similarities between the recent infection method and other attacks they monitored in the early weeks of July last year. The recent attacks against Europe have an impeccable identicality with the Ghostwriter APT group, which assumes that the same threat actors operate the Asylum Ambuscade phishing campaign.


The primary objective of the Asylum Ambuscade in targeting the military personnel of the Ukrainian government is to exploit intelligence regarding the refugee movements across Europe.


If the threat actors can gather intelligence against the European aiders, they can spread fake news and compromise NATO’s entities while an armed conflict exists between Ukraine and Russia.

The Ghostwriter APT group’s involvement had become more likely to concur since they had deployed several attacks on the private email accounts of Ukraine’s military personnel long before the invasion of Russia began.

In recent attacks, the threat actors have utilised the compromised sender infrastructure to distribute phishing emails and employ the MSI package to install Lua malware.

Refugees and European officials should follow the recommendations provided by security agencies since threat actors will attack anything related to the current conflict between Ukraine and Russia.

About the author

Leave a Reply