Around 60 percent of all ‘Russian government-sponsored phishing attacks’ in the first quarter of this year are said to be aimed at targets in Ukraine. Organizations from Belarus are also said to attack targets in Ukraine on a large scale.
That writes Google’s Threat Analysis Group based on its own research. The research team mentions a few malicious hacker organizations that are allegedly affiliated with the Russian government and that have carried out attacks on targets in Ukraine for geopolitical reasons.
For example, the organization Sandworm, also known as Frozenbarents, had first quarter of 2023 targeting Ukraine’s energy infrastructure. The organization would have wanted to penetrate the Eastern European energy sector with, among other things, phishing text messages and fake Windows updates. Ukrainian military targets were also attacked by the organization. According to TAG, Sandworm falls under Unit 74455 of the Russian military intelligence service.
Another organization called APT28, referred to by Google as Frozenlake, is said to have targeted Ukrainian individuals with phishing emails. Malicious websites then tried to collect login details from victims.
Although researchers from Google’s cybersecurity team write that Ukraine remains the main focus of Russian cyberattacks, it is the first time that concrete figures have been shared. Earlier, TAG wrote more abstractly that “many Russian state-sponsored cyber attackers continue to target Ukraine.” The team does, however, quantify the number of blocked YouTube channels linked to ‘coordinated Russian influence campaigns’ every quarter. There are on average a few dozen to hundreds per month.
