Foreign experts assume that Russian hackers may be behind these cyber incidents.
Foreign media reports suggest that “elite hackers associated with Russian military intelligence” are engaged in extensive phishing operations aimed at gathering intelligence from Ukraine.
The Google TAG Threat Intelligence Team is monitoring one of many cybercriminal groups involved, which is known by various names such as FROZENLAKE, APT28, Fancy Bear, Forest Blizzard, Iron Twilight, Sednit, and Sofacy. Experts believe that this group has been operating since 2009 and typically targets media outlets, governments, and military organizations in various countries.
The Rise of the Cybercrime Gangs
In early February of 2023, the FROZENLAKE group launched its latest intrusion campaign, which utilized Reflected Cross-Site Scripting (ReflectedXSS) on multiple Ukrainian authorities official pages. This tactic directed users to phishing domains where their login credentials were harvested.
Meanwhile, another group of attackers known as FROZENBARENTS (also referred to as Sandworm, Seashell Blizzard, or Voodoo Bear) has been targeting countries in Eastern Europe. This gang has been conducting its crimes since at least 2014 and is widely believed to be associated with the Russian government.
From November of 2022, FROZENBARENTS has been repeatedly attempting to breach organizations linked to the Caspian Pipeline Consortium (CPC), which is responsible for the management of one of the largest oil pipelines in the world.
The cyberattacks attributed to FROZENBARENTS have been highly sophisticated and have involved a range of tactics such as spear-phishing, zero-day exploits, and malware deployment. The group’s primary objectives appear to be data theft, espionage, and disruption of critical infrastructure.
FROZENBARENTS has targeted not only the CPC but also its partners and affiliates, including oil and gas companies and government agencies in the area.
Relation to Russia and Ukraine
PUSCHHA, which also goes by such names as Ghostwriter, Storm-0257, and UNC1151, is a hacker group believed to be backed by the Belarusian government and operating on behalf of Russia. The group has been accused of spear-phishing campaigns attacking Ukrainian webmail vendors.
The Russian government has denied any involvement in cyberattacks, but attribution is a complex issue in cybersecurity. As cyberattacks continue to rise, international cooperation and information-sharing are needed to combat these threats.