Threat actors are using Ukrainian government hacked emails to send phishing emails worldwide. Be careful if you receive email from Ukrainian domains

Russia and Ukraine are fighting great battles in the streets, political forums and, of course, in cyberspace. Hacking groups and activists are acting for both sides seeking to wreak considerable damage in the country they consider rival using denial of service (DoS) attacks, malware infections and data theft campaigns.

Recent reports indicate that some organizations in Europe have been receiving malicious emails sent from accounts apparently belonging to active members of Ukraine’s military, in what many have associated with a cybercriminal campaign deployed by the Russian military.

Just a couple of days after starting the military invasion, the Ukrainian government reported detecting phishing emails apparently sent by the Ukrainian military. The attack was attributed to UNC1151, a hacking group linked to the Belarusian regime and allegedly funded by Russia.

A report by security firm Proofpoint notes that agencies providing care to Ukrainian refugees are receiving malicious emails from a possibly compromised account belonging to a Member of the Ukrainian armed service. These messages referred to an emergency meeting of the NATO Security Council on the humanitarian crisis unleashed by the war. The emails included a macro-enabled XLS attachment, responsible for delivering a malware variant.

Proofpoint notes that the malware variant, identified as SunSeed, is responsible for delivering additional malicious payloads to compromised devices. Researchers theorize that this campaign could be trying to collect information about the process of care for Ukrainian refugees, in addition to knowing details of public funds, logistics and supplies delivered by the European Union.

Ukraine’s computer army has already been notified and is expected to continue investigating the incident. As you will recall, this special unit was formed after the Russian invasion began, quickly reaching 260,000 members.

In another incident unrelated to the Ukrainian IT army, an individual identified as CyberKnow leaked a list of the various hacking groups that support both Russia and Ukraine, claiming that at least 30 groups in combat have been detected so far.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.