Threat actors are using the hacked accounts for phishing scams targeting European government officials to steal Ukrainian refugees and supply data.
A newly discovered phishing campaign uses compromised email accounts of Ukraine’s army personnel to steal data from European governments entities. It is worth noting that the email addresses in the discussion are private email accounts of Ukrainian military personnel offered by @i.ua and @meta.ua.
The findings come soon after the State Service of Special Communication and Information Protection of Ukraine issued a warning last week regarding the possibility of phishing attacks against its military officials to steal sensitive private data.
About Asylum Ambuscade
The Sunnyvale-based enterprise security firm, Proofpoint, has disclosed details of a new phishing campaign where nation-state-sponsored threat actors aim to steal the Ukrainian refugee movement and supply related data.
They are targeting European government entities to obtain intelligence information. The campaign was detected on 24 February 2022. The company dubbed the social engineering-based campaign as Asylum Ambuscade.
Malicious Emails Used to Hack Data
In the report, Proofpoint researchers Michael Raggi and Zydeca Cass wrote that threat actors use emails loaded with a malicious macro attachment (XLS file). The content is related to the Emergency Meeting of the NATO