Wednesday, August 17, 2022
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Google pinpoints Russian phishing campaigns

Google pinpoints Russian phishing campaigns

Google's Threat Analysis Group published an update on the cyber activity it was tracking with regard to the invasion of Ukraine.


Erdem Yasar Erdem Yasar
March 30, 2022
2 min read
Google pinpoints Russian phishing campaigns

Google‘s Threat Analysis Group published an update about the latest cyber activity. TAG stated that they have observed an increasing number of threat actors using the war in their phishing and malware campaigns. Various threat actors are using war-related themes to trick users to open malicious emails or click malicious links.

Impersonating military personnel

Google also stated that actors are using current events while targeting users. According to the TAG’s report, one actor is impersonating military personnel to extort money for rescuing relatives in Ukraine. TAG identifies and removes those contents. Here is a deeper look at the campaign activity TAG has observed:

  • Curious Gorge, a group TAG attributes to China’s PLA SSF, has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia. While this activity largely does not impact Google products, we remain engaged and are providing notifications to victim organizations. Recently observed IPs used in Curious Gorge campaigns:
    • 5.188.108[.]119
    • 91.216.190[.]58
    • 103.27.186[.]23
    • 114.249.31[.]171
    • 45.154.12[.]167
  • COLDRIVER, a Russian-based threat actor sometimes referred to as Calisto, has launched credential phishing campaigns, targeting several US based NGOs and think tanks, the military of a Balkans country, and a Ukraine based defense contractor. However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence. These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown. We have not observed any Gmail accounts successfully compromised during these campaigns. Recently observed COLDRIVER credential phishing domains:
    • protect-link[.]online
    • drive-share[.]live
    • protection-office[.]live
    • proton-viewer[.]com
  • Ghostwriter, a Belarusian threat actor, recently introduced a new capability into their credential phishing campaigns. In mid-March, a security researcher released a blog post detailing a ‘Browser in the Browser’ phishing technique. While TAG has previously observed this technique being used by multiple government-backed actors, the media picked up on this blog post, publishing several stories highlighting this phishing capability. Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites. The new technique, displayed below, draws a login page that appears to be on the passport.i.ua domain, overtop of the page hosted on the compromised site. Once a user provides credentials in the dialog, they are posted to an attacker controlled domain. Recently observed Ghostwriter credential phishing domains:
    • login-verification[.]top
    • login-verify[.]top
    • ua-login[.]top
    • secure-ua[.]space
    • secure-ua[.]top

See more Cybersecurity News


Tags: Google

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Next Post
Fedora 36 is ready for testing

Fedora 36 is ready for testing

Related News

Critical Realtek vulnerability leaves networking devices at risk

Critical Realtek vulnerability leaves networking devices at risk

August 17, 2022 7:15 pm
Trend Micro warned about incomplete or faulty patches

Trend Micro warned about incomplete or faulty patches

August 17, 2022 7:00 pm
1,900 Signal users' phone numbers may be exposed

1,900 Signal users’ phone numbers may be exposed

August 16, 2022 10:05 pm
10 malicious packages found on PyPI

10 malicious packages found on PyPI

August 16, 2022 9:30 pm
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter
Select list(s):

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy

Get the Cloud7 Newsletter

Sign up for the Cloud7 Newsletter to receive the latest IT business updates straight to your inbox daily.

Select list(s):

Check your inbox or spam folder to confirm your subscription.

Editor's Choice

Interview with Igor Seletskiy on AlmaLinux

7 best hosting control panels

How to update Linux Kernel without rebooting?

7 best Linux mail servers for 2022

7 best cPanel alternatives for 2022

7 best Linux web browsers for 2022

7 best CentOS alternatives

7 best Linux server distros for 2022

How to scan your server for Log4j (Log4Shell) vulnerability

10 Best Web Hosting Services of 2022

AlmaLinux 8.6 Stable is ready to download

Ubuntu 22.04 LTS is available for download. What is new?

Kali Linux 2022.2 is ready for download

Recent News

  • Deepin 23 Preview is released with atomic updates
  • Critical Realtek vulnerability leaves networking devices at risk
  • Trend Micro warned about incomplete or faulty patches
  • Proton 7.0-4 comes with support for more games
  • Cloud7 Podcast – Episode 10: Software-Defined Storage


Cloud7 is a news source that publishes the latest news, reviews, comparisons, opinions, and exclusive interviews to help tech users of high-experience levels in the IT industry.

EXPLORE

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • How-Tos
  • Troubleshooting

RESOURCES

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2022, Cloud7 News. All rights reserved.

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2022, Cloud7 News. All rights reserved.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.