As the war between Ukraine and Russia began, we have seen many hacking activities between those two countries and sometimes additional countries involved too. Now, Google has noticed unusual hacking attempts coming from the Chinese state-sponsored actors, Curious Gorge, targeting Russian government agencies.
Aiming at Ukraine, Kazakhstan, and Mongolia as well
The targets of the Chinese hackers are not limited to Russian government agencies; but also Ukraine, Kazakhstan, and Mongolia. Google states that the Russian defense contractors, manufacturers, and a logistics company were compromised over the last week. Another Chinese-sponsored team, Mustang Panda, also targeted the officials or military personnel familiar with the region.
Billy Leonard from Google Threat Analysis Group adds that currently, China, Iran, North Korea, and Russia state-sponsored hackers are actively targetting the critical infrastructure of Ukraine. APT28 and Turla gangs, which are both backed by the Russian government, are continuing attacks on defense and cybersecurity organizations as well. Ghostwriter, a Belarusian state-sponsored gang also trying to steal credentials from the high-risk individuals in Ukraine.
Google stated that attacks have been blocked by the Safe Browsing service; by identifying and tagging them as “malicious”. The company adds they will alert all targeted users through their monthly government-backed attacker warnings.