Russian Hackers Target Ukraine Via A Disinformation Campaign
Disinformation campaigns play an important role in cyber warfare, and this is exactly how Russian hackers target Ukraine. After waging war on Ukraine on land, Russia is attacking the East European country online as well. One example of this is the attack on Kyivstar, Ukraine’s largest telecom company.
In the latest development, cybersecurity experts at the Slovak cybersecurity company ESET have unearthed a new campaign in which Russian hackers target Ukraine and its citizens through spam emails, both to harvest credentials and to spread false information related to the Russia-Ukraine war.
Termed Operation Texonto, the disinformation campaign uses emails to spread discouraging information among Ukrainian users. The hackers behind this disinformation campaign are believed to belong to an infamous Russian cyberthreat actor known as the Callisto Group or COLDRIVER, as termed by Google.
Operation Texonto: Russian Hackers Target Ukraine
Operation Texonto, according to ESET, started in November and December of last year in the form of multiple waves. The target audience of this campaign was diverse – common Ukrainians, overseas citizens of Ukraine, government companies, and even the Russians who supported Alexei Navalny and his opposition movement against Vladimir Putin. The purpose of this disinformation campaign was to “sow doubt” in the minds of the Ukrainian people about their country’s war against Russia.
Use of Emails
This campaign is different from the usual Russia-linked disinformation campaigns because of the medium it uses. Typically, other disinformation campaigns linked to Russia use either fake landing pages or the Telegram app to carry out the propaganda. However, Operation Texonto used emails written in a sarcastic tone for the purpose.
Some of the emails sent to the users contained different messages meant to annoy the readers. In one email, the hackers warned Ukrainians of looming food shortages because of the war. Another email suggested that readers cut off their limbs to avoid enrollment in the Ukrainian military.
These emails were sent to the users under the guise of different government organizations like agriculture, health, or energy agencies.
Credential Harvesting
The research team at ESET also noticed a Microsoft login credential phishing campaign against Ukraine. It was found that a Ukrainian defense company and a European Union agency were the targets of this spear-phishing campaign. The purpose of these attacks was to steal credentials for Microsoft Office 365 accounts. Similarities between the network infrastructure used for this phishing campaign and that used for the disinformation campaign have compelled experts to link both of them to the same threat actors.
Conclusion
Russia is desperately trying to win the war, and this disinformation and credential-harvesting campaign by the COLDRIVER threat actor is one of many ways Russia is attacking Ukraine. Russia is known for sponsoring hackers to achieve its goals. This warrants cybersecurity measures to prevent any panic among the common people. War causes hysteria among the masses, and this is exactly why Russian hackers target Ukraine over and over.
The sources of this article include The Hacker News and The Record.