Ukraine: Cyberattacks aiming for Telegram accounts

Ukraine's State Service of Special Communication and Information Protection has issued a warning regarding new cyberattacks from the UAC-0094 threat cluster that have been targeting Telegram accounts, The Hacker News reports. Attackers have been found to leverage Telegram messages warning recipients that their credentials have been used to log in from a new device in Russia while advising them to click an account confirmation link, which redirects to a phishing domain seeking for victims' phone numbers and one-time passwords to facilitate account takeovers. "The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS," said the SSSCIP of Ukraine. Similarities have been observed between the new campaign and a phishing attack last month that involved the use of various Indian organizations' compromised email accounts to hijack Ukr.net account users. The Telegram-targeted campaign also comes after Ukraine's Computer Emergency Response Team reported about Armageddon's use of war-related phishing lures to target the country's government agencies.