Google: 60 percent Russian phishing attacks targeting Ukraine

About 60 percent of all “Russian government-sponsored phishing attacks” are said to have targeted targets in Ukraine in the first quarter of this year. Organizations from Belarus are also said to be attacking targets in Ukraine on a large scale.

That writes Google’s Threat Analysis Group based on our own research. The research team names several malicious hacker organizations that are said to be affiliated with the Russian government and that have carried out attacks on targets in Ukraine based on geopolitical considerations.

For example, the organization Sandworm, also known as Frozenbarents, targeted Ukraine’s energy infrastructure in the first quarter of 2023. The organization allegedly wanted to penetrate the Eastern European energy sector with, among other things, phishing text messages and fake Windows updates. Ukrainian military targets were also attacked by the organization. According to TAG, Sandworm falls under Unit 74455 of the Russian Military Intelligence Service.

Another organization called APT28, referred to by Google as Frozenlake, is said to have targeted Ukrainian individuals with phishing emails. An attempt was then made to collect login details from victims via malicious websites.

Although researchers from Google’s cybersecurity team write that Ukraine remains the main focus of Russian cyber attacks, this is the first time that concrete figures have been shared. Previously, TAG wrote somewhat more abstractly that ‘many Russian state-sponsored cyber attackers continue to target Ukraine’. However, the team does quantify every quarter the number of blocked YouTube channels that were linked to ‘coordinated Russian influence campaigns’. This is an average of several dozen to hundreds every month.

In addition to targeted phishing attacks, TAG also detects various YouTube channels with ‘coordinated Russian influence campaigns’.
Source: Google / Threat Analysis Group