
Google: Belarus conducted massive phishing campaigns against Ukraine and Poland

Hackers from Belarus carried out extensive phishing attacks against Ukrainian officials and the Polish military. Thus, the role of Belarus in Russia's invasion of Ukraine went beyond serving only as a place of residence for Russian troops, Google security researchers said, The Washington Post reports.

In particular, the Google threat search team published details of attacks used against Ukraine and the Polish military, which is considered the first report of this kind.

What kind of hacker attacks are we talking about

According to the corporation, over the past two weeks, the hacker group Fancy Bear, which is associated with the Russian GRU military intelligence unit, has launched several large phishing campaigns against users of the Ukrainian media organization Ukr.net. The emails came from hacked accounts and tried to direct users to fake login pages.

Meanwhile, in the early days after the Russian invasion of Ukraine, which was carried out with logistical assistance from Belarus, a hacker group in Belarus known as Ghostwriter used phishing to try to obtain the credentials of Ukrainian government officials and members of the Polish military, the US tech giant reports.

In a statement, Google claims that the phishing emails were sent from "a large number of hacked accounts and contain links to domains controlled by attackers."

"In the last two campaigns, attackers used newly created Blogspot domains as the initial landing page, which then redirected targets to credential phishing pages where users were asked to enter their passwords, which were then recorded. All known Blogspot domains that are controlled by intruders have been removed," the report says.

At the same time, all Ghostwriter attacks that occurred over the past week were aimed specifically "at Polish and Ukrainian government and military organizations."

What other countries were involved in cyber attacks

Google also said it had discovered a Chinese "criminal" group, Mustang Panda, which tried to inject malware into "targeted European organizations with baits related to the Ukrainian invasion." It did not name the organizations targeted by the attacks, but said the campaign "represented a departure from the targets regularly seen by the Mustang Panda in Southeast Asia."

In February, representatives of the Ukrainian cyber defense system said that a Belarusian group tried to hack into the personal email accounts of the Ukrainian military.

Hackers are also known to have harassed people in Belarus, which has been sharply divided since the election sparked mass demonstrations and more than 20,000 detentions in 2020.

Recall that on the evening of February 15, Ukrainians noticed that the websites of Oschadbank and PrivatBank had stopped working. ATMs and mobile apps also failed. At first, the reason was not reported, but later the banks admitted that they had been hit by DDoS attacks. Soon the websites of the Armed Forces of Ukraine, the Ministry of Defense and the Navy also went down.