CyberScoop reports that Ukrainian, Russian, and Central Asian government organizations, industry sectors, politicians, and journalists have been impacted by various hacking campaigns led by Russian, Chinese, and Belarusian state-sponsored threat actors over the past weeks.
Russian military intelligence-linked APT28, also known as Fancy Bear, has been delivering malware through malicious email attachments in an effort to exfiltrate Ukrainians' browser-stored cookies and passwords, while the Turla hacking group, which has been associated with Russia's Federal Secret Service, has been leveraging a malicious .docx file to target cybersecurity and defense entities in the Baltics, according to a Google report. Moreover, credential phishing emails have been distributed by Russian threat group Cold River, also known as Callisto, to government officials, journalists, and non-governmental organizations, including the NATO Centre of Excellence. The report also showed that high-risk people in Ukraine have been targeted by Belarusian hacking group Ghostwriter in a credential exfiltration campaign, while Chinese state-backed operation Curious Gorge has attacked not only government and military firms in Ukraine, Russia, and Central Asia, but also the manufacturing and logistics industry in those regions.