Following the Russian invasion of Ukraine, an unidentified state actor using malicious software has targeted European officials who are in charge of assisting Ukrainian refugees. According to Proofpoint, the attacker bears some similarities with a hacking group Ghostwriter, also dubbed TA445 or UNC1151. The Ghostwriter group has previously been linked to Belarus, although Proofpoint hasn’t identified the nation-state behind this recent attack just yet. Belarus’ embassy in London has responded to the news by denying any involvement with the cyber attack on EU officials.
Based on the official statement released by Proofpoint, the attackers started a phishing campaign using a compromised email account of the Ukrainian armed service member. Using the compromised email, the hacking group targeted European government personnel tasked with assisting Ukrainian refugees fleeing the country.
Currently, hundreds of thousands of Ukrainians are trying to leave the country. According to various sources, 1 million Ukrainians have already left their homes, trying to escape the Russian military aggression. Russian troops have already bombed numerous Ukrainian cities, including its capital Kyiv.
Last week, Ukrainian cybersecurity officials warned that Belarusian military hackers have been trying to access the private email addresses of Ukrainian military personnel, and this recent attack on EU officials seems to be the continuation of the same campaign.
According to Proofpoint, the campaign could be an attempt to gain intelligence about the logistics of the movement of funds, humanitarian aid, and people within NATO states. The cybersecurity firm has also said that the techniques used in this campaign against the EU officials are far from being groundbreaking, although considering the tense environment and stress levels. When taken together could lead to some serious damage.
The growing role of cybersecurity in conflicts
This incident highlights the importance of prioritizing cyber security at home and at work, on a personal and professional level. Cyber-attacks have already played an important role in developing this war, and who knows what could be next?
The fighting has disrupted many communication networks across Ukraine, and the Russian government has limited access to certain news outlets and websites. Here’s what you can do to ensure your cybersecurity and protect your internet freedom.
Use VPNs to stay safe and informed online
Virtual Private Networks are a helpful tool for disguising your identity online and preventing the government or even hackers from tying your internet activity back to you. Besides providing privacy in cyberspace, Nord VPN can give you access to websites and resources that are currently banned in your state for whatever reason. By using a VPN, you can reclaim your online privacy and decide where you will get your information online.
Practice caution, especially in stressful times
When the stakes are so high, and the matter is time-sensitive, it’s easier to fall for phishing techniques like the ones used by attackers against EU officials. While the emotions may be running high, it’s important to retain the essential practice of double-checking the validity of the emails, avoiding clicking on suspicious links that may take you to some new, unknown website, and thinking twice before responding to a request for highly sensitive data over email.
Cyber attackers know how to use these stressful situations to their advantage. They hope that the unusual circumstances will increase the likelihood of people making human errors, granting them access to sensitive data, or even falling for their phishing scam. While you may want to prioritize efficiency in times like these, it’s better to be safe than sorry.
Switch to more secure browsers
You may also want to consider switching browsers. Today, some of the most popular web browsers are among the least secure ones. If you are dealing with highly sensitive data or think someone may be spying on you, switch to a safer browser like Tor, which encrypts your connection, securing your data from all kinds of snoopers.
Using a VPN and a safer browser, and a more cautious approach to sending and receiving data online is crucial if you want to avoid cyber attacks in highly stressful times like these.