Countries Assisting Ukraine Refugees Targeted in Phishing Cyberattacks

European government personnel involved in helping Ukraine refugees with logistics support has been the target of a spear-phishing campaign, a new report underlines.

Spear-Phishing Campaign Against Countries Helping Ukraine Refugees

A recent analysis belonging to Proofpoint researchers unveils a spear-phishing campaign where threat actors make use of email accounts that are “possibly compromised” belonging to Ukrainian armed service members to spread phishing messages.

Proofpoint has identified a likely nation-state sponsored phishing campaign using a possibly compromised Ukrainian armed service member’s email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. The email included a malicious macro attachment which attempted to download a Lua-based malware dubbed SunSeed.


According to the researchers, only European governmental entities have been targeted in this malicious campaign for the moment and they were not able currently to link the cyberattacks to any threat actor.

The targeted individuals possessed a range of expertise and professional responsibilities. However, there was a clear preference for targeting individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe. This campaign may represent an attempt to gain intelligence regarding the logistics surrounding the movement of funds, supplies, and people

Read More: