Threat actors have launched a new phishing campaign exploiting Russians' concerns regarding mobilization in an effort to facilitate credential theft, according to The Record, a news site by cybersecurity firm Recorded Future.
Russians have been targeted through messages on Telegram, which aim to lure recipients into following a link redirecting to a supposed list of individuals who may be drafted in the Russian army to fight in Ukraine next month. Such a link, which has been previously used for Telegram user data theft, was continuously updated to avert detection, noted Russian cybersecurity channel In2security.
Moreover, a Telegram bot was also developed by attackers to encourage victims to input personal data and ask them to recommend the bot to 10 or more friends.
Kaspersky Lab noted that the campaign has been ongoing for the past few days, with the cybersecurity firm's chief expert Sergey Golovanov stating that victims may have their Telegram accounts and private messages compromised as a result of the intrusion.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.
Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.