The Russian hacker group COLDRIVER, also known as Calisto, attacked the armed forces of several Eastern European countries and one of NATO's centers of excellence, Google reports.
During the attacks, the hackers used newly created Gmail accounts.
The phishing emails were sent to non-Google accounts, so the success rate of these attacks is unknown, the report says. The group also launched phishing attacks targeting several U.S.-based non-governmental organizations and think tanks, the military of a Balkan country, and a Ukraine-based defense contractor.
"Curious Gorge, a group TAG attributes to China's PLA SSF, has conducted campaigns against government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia. While this activity largely does not impact Google products, we remain engaged and are providing notifications to victim organizations.
COLDRIVER, a Russian-based threat actor sometimes referred to as Calisto, has launched credential phishing campaigns, targeting several US-based NGOs and think tanks, the military of a Balkans country, and a Ukraine-based defense contractor. However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence. These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown. We have not observed any Gmail accounts successfully compromised during these campaigns.
Ghostwriter, a Belarusian threat actor, recently introduced a new capability into their credential phishing campaigns. In mid-March, a security researcher released a blog post detailing a 'Browser in the Browser' phishing technique. While TAG has previously observed this technique being used by multiple government-backed actors, the media picked up on this blog post, publishing several stories highlighting this phishing capability."