A new Google report has revealed that Russian-backed hackers tried to break into the networks of NATO, US-based non-governmental organizations and the armies of several Eastern European countries .
The hackers, called Calisto or Coldriver, launched phishing campaigns also targeting US think tanks, the military of a Balkan country and a defense contractor based in Ukraine, according to Google.
“These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown,” the report said. “We did not observe any successfully compromised Gmail accounts during these campaigns.”
The report comes amid heightened security and warnings from US, European and NATO officials of possible Russian cyberattacks following Russia’s invasion of Ukraine in February.
Secretary of State Anthony Blinken on Thursday announced additional sanctions against Russian tech companies and cyber actors following malicious cyber activity.
“The United States will continue to hold President Putin’s cyber actors accountable for disruptive, destructive, or otherwise destabilizing cyber activities targeting the United States and its allies and partners,” Blinken said in a statement.
The United States and its allies have imposed crippling economic sanctions on Russia following the invasion of Ukraine, including cutting the country off about $600 billion in reserves held by the Central Bank of Russia and blocking the country’s access to the US dollar.
“We will continue to target President Putin’s war machine with sanctions from every angle, until this senseless war of choice is over,” Blinken said, referring to the Russian leader.
Google’s report also found hacks from other nation-state threat actors, including China and Belarus. A hacker group known as Curious Gorge, associated with the Chinese government, has launched phishing campaigns against government and military organizations in Ukraine, Russia, Kazakhstan and Mongolia.
“While this activity largely does not affect Google products, we remain engaged and provide notices to victim organizations,” the report said about the Chinese hack.
Google said it has seen an increase in cyber activity from different threat actors using the war in Ukraine to launch phishing and malware campaigns. The hacks were also financially motivated, as a threat actor posed as “military personnel to extort money to save relatives in Ukraine”.
“Government-sponsored actors from China, Iran, North Korea, and Russia, as well as various unattributed groups, have used various themes related to the war in Ukraine in an attempt to trick targets into opening malicious emails or clicking on malicious links,” the report said.
The Hill has removed its comments section, as there are many other forums for readers to join in the conversation. We invite you to join the discussion on Facebook and Twitter.