Ukraine and NATO are targeted by five Russian government-backed hacker groups – Google
Five hacker groups backed by the Russian government, some of them working with the GRU and the FSB, are behind attacks on Ukraine and NATO countries, according to "Fog of War", a report published by Google's Threat Analysis Group, Radio Liberty reports.
These hacker groups are FrozenLake, Coldrive, Summit, FrozenBarents and FrozenVista.
According to the experts, these hacker groups' primary strategies include phishing. Most often, the hackers target Gmail addresses, as well as mail services of various government institutions, such as the Ministry of Defense, the Ministry of Foreign Affairs, etc.
For instance, according to TAG, FrozenBarents has links to the GRU and the Russian army and engages in intelligence collection, disinformation, and destroying information systems. The group's targets in Ukraine inlude infrastructure, which was affected in 2015 and 2016, NATO countries, Georgia, and South Korea. One of the targets of the FrozenBarents cyberattacks was the manufacturer of Turkish Bayraktar UAVs.
Summit, the experts say, is backed by the FSB. Its members are engaged in espionage. These hackers primarily target the security forces of NATO countries. In July 2022, the group disguised malware as a program that can be downloaded from a domain similar to the Azov Regiment website.
The Google report also mentions the Belarusian group Pushcha, which deals in espionage and information campaigns. In 2021, the group ran the Ghostwriter campaign, distributing pro-Russian publications by hacking news websites and posting fake content.
The wave of cyberattacks organized by Russian hacking groups started even before the war: Google specialists recorded the first phishing campaigns targeting Ukraine in April 2021. Shortly before that, the Russian army had started amassing its forces at the Ukrainian border. According to TAG, the number of cyber attacks on Ukraine increased by three and a half times in 2022 compared to 2020, and the number of attacks on NATO countries quadrupled.
As IMI reported, on February 12, NATO websites were subjected to cyberattacks, probably by Russian hackers.
Help us be even more cool!