A Google report has revealed that the Russia-based Coldriver hackers targeted NATO and Eastern European militaries in credential phishing campaigns.
Cybersecurity is a critical issue in light of the circumstances surrounding the Russia-Ukraine war. There is no denying that war in the new age is different from that of previous eras, as evidenced by the entry of cryptocurrency and cyber aggression as newfound tools for both sides of the war.
Russian threat actors have recently tried to break into networks belonging to the North Atlantic Treaty Organization (NATO) and the militaries of a number of Eastern European countries, according to a report published by Google’s Threat Analysis Group (TAG).
Although the details of the targeted cyberattacks were not provided, including the names of the countries that were affected, TAG revealed that the attackers have been traced back to the Russia-based hacker group called “Coldriver”.
Coldriver, also known as Calisto, is known for orchestrating credential phishing campaigns against targets across the world. Victims of its activities include a host of US nonprofits and think tanks, as well as a Ukraine-based defense contractor.
The actions of Russia-based cybercriminals have caught the attention of the world, with the recent spate of legal actions indicating the keen interest of governments in warding off the attackers. As such, cybersecurity experts have exposed the following Coldriver phishing domains:
The Tactic of Credential Phishing
According to the Google report, the phishing campaigns were sent to target victims using newly created Gmail accounts as well as those belonging to other email service providers. TAG observes that the approach has made it difficult for analysts to provide a concise analysis of their success rates.
The report went further to note the “continuously growing number” of cybercriminals that are trying to take full advantage of the Russia-Ukraine war to design phishing and malware attacks using the guise of war-related services.
Cybersecurity experts acknowledge that a significant number of government-backed threat actors linked to China, Iran, North Korea and Russia are leveraging the existing narratives to launch malicious emails that would lead unsuspecting would-be victims to click on harmful links.
NATO and its allies were expecting the rise in Russia-linked cyberattacks: President Biden had already sent the U.S. deputy national security adviser for cyber and emerging technology to the world’s major military organization well ahead of the Russian invasion of Ukraine.