Numerous Ukraine war-related lures are being leveraged by Russian, Chinese, Iranian, and North Korean state-sponsored threat actors in malware and phishing campaigns, reports CyberScoop.
Russia-based threat group Cold River, also known as "Calisto," has used such lures not only to attack nongovernmental organizations and think tanks in the U.S., but also to target a Balkans country's military, a Ukrainian defense contractor, and various Eastern European countries, including a NATO Centre of Excellence, a Google Threat Analysis Group report revealed.
The attacks by Cold River come amid the deluge of cyberattacks stemming from Russia's invasion of Ukraine, including intrusions against the modems of U.S.-based telecommunications company Viasat that sought to disrupt communication networks in Ukraine. Google researchers have also identified attacks by the Chinese state-backed group dubbed "Curious Gorge," which has already hit Ukrainian, Russian, Kazakh, and Mongolian government and military entities. Belarusian state-backed hacking group Ghostwriter has also leveraged a browser-in-browser approach in its credential-stealing attacks, according to the report.