NATO Countries Targeted in Russian Phishing Attacks, Google Reports

According to the Google Threat Analysis Group (TAG), a great number of threat actors are currently exploiting the event of the Russian invasion in Ukraine to launch phishing and malware cyberattacks against Eastern European and NATO countries. The cyberattacks also target Ukraine.

As Google’s report reads:

Government-backed actors from China, Iran, North Korea, and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links. (…) Financially motivated and criminal actors are also using current events as a means for targeting users. For example, one actor is impersonating military personnel to extort money for rescuing relatives in Ukraine. TAG has also continued to observe multiple ransomware brokers continuing to operate in a business as usual sense.


Credential phishing cyberattacks organized by a Russian-based hacking group known as COLDRIVER against a NATO Center of Excellence and Eastern European forces are highlighted in the paper.

A Ukrainian defense contractor and many US-based non-governmental organizations (NGOs) together with think tanks were also among the targets of Russian threat actors.

Curious Gorge, a hacking group linked to China’s PLA SSF (People’s Liberation Army Strategic Support Force), targeted

Read More: