Google warns: Russian, Chinese and Belarusian hackers attack Ukraine

The Russia–Ukraine War we are fighting on several fronts: on the one hand the physical, certainly the most atrocious, on the other the digital. After the Anonymous collective that openly sided with Ukraine and various realities that abandoned Russia, Google issued a statement in which it warns that they have been spotted in recent days several online threats from Russia, Belarus and China towards various European governments, including that of Ukraine, military organizations and private citizens.

1662090765 96 hacker 720

The Threat Analysis Group (TAG) of Google, which is responsible for defending users against attacks promoted by state and government agencies, has indeed warned of hundreds of phishing campaigns and DDoS attacks that have occurred in recent months in Ukraine and from various governments, mainly from Russia. And over the past two weeks, new spying and phishing activity has been recorded by a number of known bad actors, including FantasyBear And ghost writer.

Ukraine attacked online by Russia, Belarus and China

Shane Huntley, head of Google TAG, highlighted how FantasyBear (also known as APT28 and linked to Russia’s General Directorate of Information, or GRU), initiated several large-scale phishing campaignsexploiting compromised email accounts to direct victims to attacker-controlled Blogspot domains.

Last week, however, the Belarusian group Ghostwriter (or UNC1151) attacked Polish and Ukrainian military and government organizations and also considered the author of other phishing campaigns against Ukrainian officials and military, reported by Computer Emergency Response Team of Ukraine (CERT-UA) e Facebook. There is also one in progress spear-phishing campaign against European government personnel supporting Ukrainian refugees, also likely linked to Ghostwriter.

According to Huntley, however, it’s not just Russia and Belarus involved in the cyberattacks on Ukraine. Also present among the attackers panda mustang (Temp.Hex or TA416), a China-based hacker collective that has moved from threats typical in Southeast Asia to several European organizations, including a diplomat supporting migrants and refugees. TAG also warned against “Attempted DDoS attacks against many Ukrainian sites”including the site of the Ministry of the Interior and Foreign Affairs, and services such as Liveuamap, useful for finding out about what is happening.

Google is helping by expanding eligibility to take advantage of Project Shield, the free proprietary service that helps websites respond to DDoS attacks. The aim is to ensure that Ukrainian government websites can stay online during these crucial times by blocking attacks as soon as they are spotted, just when threats have exploded. Mykhailo Fedorov himself, Prime Minister of Ukraine, announced the creation of the Ukrainian “IT army”, in response to the cyberattacks that the country had begun to suffer.

Gift ideas, why waste time and risk making mistakes?