"Latvia Confirms Phishing Attack on Ministry of Defense, Linking It to Russian Hacking Group"
Gamaredon, a Russian cyber espionage group, may have been responsible for the recent phishing attack on Latvia's Ministry of Defense. Several employees of the ministry received malicious emails from hackers posing as Ukrainian government officials, but the attempted cyberattack failed, according to the ministry. The email sample was initially released on Twitter by the French cybersecurity firm Sekoia. According to Sekoia threat intelligence expert Felix Aime, one of the targeted users may have downloaded it to check its source on VirusTotal, a Google-owned service that analyzes suspicious files. Researchers linked this phishing campaign to Gamaredon due to the use of the same domain in previous attacks. Unit 42 also linked this domain to Gamaredon in early December 2022. Ukraine believes that Gamaredon operates out of the city of Sevastopol in Russia-occupied Crimea, but that it is under the command of the FSB Center for Information Security in Moscow. In June 2013, two months before Russia annexed the Crimean Peninsula from Ukraine, the group began operations. This article continues to discuss the phishing attack on Latvia's Ministry of Defense being linked to the Gamaredon Russian cyber espionage group.