Russian, Chinese, Belarusian hackers increasingly using Ukraine-themed lures in attacks, Google observes

Written by
Mar 30, 2022 | CYBERSCOOP

Within the last two weeks, a Russia-based hacking group has targeted several U.S. nongovernmental organizations and think tanks, the military of a Balkans country and a Ukrainian defense contractor, Google reported Wednesday.

The activity, attributed to a group Google calls “Cold River” but others know as “Calisto,” is the first time the Google researchers have observed the group targeting “multiple Eastern European countries, as well as a NATO Centre of Excellence,” Billy Leonard, a Google security engineer, wrote in a blog post for the company’s Threat Analysis Group.

The campaigns used newly-created Gmail accounts and targeted non-Google accounts, so it’s not clear whether the attacks were successful, Leonard notes.

Hackers associated with China, Iran, North Korea and Russia, along with other unattributed groups, are using “various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links.”

A request for comment from NATO was not immediately returned.

The report was part of an update on what Leonard says is a “growing number” of government-backed hacking groups using Russia’s war on Ukraine as a lure in phishing and malware campaigns recently. Hackers associated with

Read More: