"Phishing Campaign Targeted Those Aiding Ukraine Refugees"

According to a new report from researchers at Proofpoint, cyberattackers are using a compromised Ukrainian military email address to deliver malicious macros to EU government employees who have been helping manage the logistics of refugees fleeing Ukraine. The attackers are leveraging breaking news about the Russian invasion of Ukraine to trick targets into opening emails with Microsoft Excel files containing malware. The phishing attempt has been attributed to TA445, also known as UNC1151 or Ghostwriter, which has previously been linked to the Belarus government. The researchers were able to trace the compromised Ukrainian military email address to a publicly available procurement document for a Stihl-brand lawnmower purchased in 2016. They found that the order was made by a military unit in Chernihiv, Ukraine. How the attackers gained access to a military email address remains unclear. This article continues to discuss the phishing campaign targeting EU government employees, the suspected attackers behind the campaign, and Ukraine-oriented cyberattacks that have occurred in recent weeks. 

Threatpost reports "Phishing Campaign Targeted Those Aiding Ukraine Refugees"