Threat Advisory: Opportunistic cyber criminals take advantage of Ukraine invasion

By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras.Executive Summary
Since the beginning of the war in Ukraine, we have observed threat actors using email lures with themes related to the conflict, including humanitarian assistance and various types of fundraising. This activity has been increasing since the end of February. These emails are primarily related to scam activity but have also delivered a variety of threats, including remote access trojans (RATs). This is in addition to the malicious activity we’ve recently seen related to the crowd-sourced attacks in the region. This pattern is consistent with what we typically see following global events or crises, such as the COVID-19 pandemic, when opportunistic cybercriminals attempt to exploit high public interest for their own gain.

Email Campaigns
Since the invasion of Ukraine, we’ve observed a variety of email lures seeking to leverage the situation to convince recipients to take some action to benefit the attacker. While this specific activity has increased incrementally since late February, it still represents a small portion of the overall spam landscape. Cisco Talos expects this activity to continue to ramp up as this conflict

Read More: