Amazon: Charities, aid orgs in Ukraine attacked with malware

[MMT]

 malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia's war.

 

Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

 

"While we are seeing an increase in activity of malicious state actors, we are also seeing a higher operational tempo by other malicious actors.," Amazon said.

 

"We have seen several situations where malware has been specifically targeted at charities, NGOs, and other aid organizations in order to spread confusion and cause disruption.

 

"In these particularly egregious cases, malware has been targeted at disrupting medical supplies, food, and clothing relief."

 

Phishing attacks against European refugee helpers

Proofpoint researchers spotted a similar activity, observing spear-phishing attacks targeting European government personnel involved in logistics support for Ukrainian refugees.

 

Emails sent in the attacks delivered malicious macro attachments that would download a Lua-based malware dubbed SunSeed, used to deliver additional payloads onto compromised devices.

 

The campaign, tracked as Asylum Ambuscade, targeted only NATO entities using the compromised email account of a Ukrainian armed service member.

 

Based on the infection chain, it aligns and is likely related to July 2021 phishing attacks linked to the Ghostwriter Belarusian threat group (also known as TA445 or UNC1151).

 

Facebook and the Computer Emergency Response Team of Ukraine (CERT-UA) also warned of Ghostwriter phishing campaigns against Ukrainian officials and military personnel.

 

Before Russia's invasion, the Ukrainian Security Service (SSU) said the country was being hit by a "massive wave of hybrid warfare." 

 

This deluge of attacks included DDoS attacks against Ukrainian government agencies and state banks, phishing targeting the Ukrainian military, as well as multiple series of destructive malware attacks [1, 2].

 

 

ARTICLE