Google is reporting that a Russian APT group known as Gamaredon, Callisto and COLDRIVER has for the first time been caught phishing accounts of NATO and Eastern European militaries in addition to existing campaigns against American NGOs, a Ukrainian defense contractor, and a Balkan military.
"These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown. We have not observed any Gmail accounts successfully compromised during these campaigns," said Billy Leonard of Google's Threat Analysis Group in a blog post.
Gamaredon, first identified in 2013, is known primarily for its activity in Ukraine. In December, Ukranian authorities disclosed the names of five alleged members of the group, all of whom operated at the Sevastopol branch of Russia's FSB.
Palo Alto networks observed that Gamaredon had been targeting a "Western Government" in Ukraine in mid-January.
"The team continues to work around the clock, focusing on the safety and security of our users and the platforms that help them access and share important information."