IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google uncovers Russian phishing campaign targeting Ukrainian news provider

The tech giant has also recorded repeated DDoS attempts against the Ukrainian government

Russian hackers have conducted several phishing campaigns targeting users of one of Ukraine’s most popular online news providers.

That's according to Google’s Threat Analysis Group (TAG), which has attributed the attacks to the Russia-backed APT28 gang, also known as FancyBear and Strontium.

The phishing emails had been sent from a large number of compromised non-Google accounts, and included links to newly-created, attacker-controlled Blogspot domains, which redirected targets to credential phishing pages with the following domains:

  • id-unconfirmeduser[.]frge[.]io
  • hatdfg-rhgreh684[.]frge[.]io
  • ua-consumerpanel[.]frge[.]io
  • Consumerspanel[.]frge[.]io

The Blogspot domains have since been taken down, Google announced on Monday. The credential phishing pages are flagged as “dangerous” on the Google Chrome browser, as part of Google’s Safe Browsing service. Launched in 2007, the service identifies unsafe websites across the web and notifies users and website owners of potential harm with an attention-grabbing, red warning message.

Google deceptive site warning

FancyBear’s phishing campaign against Ukr.net is just one of many attempts by Russian and Belarusan threat actors to target Ukrainian organisations.

The TAG team has also been tracking the notorious Belarusan hacking group known as Ghostwriter, which it has observed launching phishing attacks against the Ukrainian and Polish governments. 

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

The tech giant has also recorded repeated DDoS attempts against Ukraine’s Ministry of Foreign Affairs, Ministry of Internal Affairs, as well as services like Liveuamap that are designed to help people find information. This has prompted Google to expand the eligibility for its free DDoS protection tool known as Project Shield, which sees Google absorb the influx of “bad traffic” and keep the targeted website online. 

Google said that “over 150 websites in Ukraine, including many news organisations, are using the service” and encouraged “all eligible organisations to register for Project Shield”.

Eligibility is determined on a rolling basis, with Google accepting Google Account holders that manage or own a website in the news, human rights and political sectors. 

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

What is cyber warfare?
Security

What is cyber warfare?

20 May 2022
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022