Cybersecurity researchers have unearthed a brand new affect operation concentrating on Ukraine that leverages spam emails to propagate war-related disinformation.
The exercise has been linked to Russia-aligned risk actors by Slovak cybersecurity firm ESET, which additionally recognized a spear-phishing marketing campaign aimed toward a Ukrainian protection firm in October 2023 and a European Union company in November 2023 with an intention to reap Microsoft login credentials utilizing pretend touchdown pages.
Operation Texonto, as your complete marketing campaign has been codenamed, has not been attributed to a selected risk actor, though some components of it, notably the spear-phishing assaults, overlap with COLDRIVER, which has a historical past of harvesting credentials through bogus sign-in pages.
The disinformation operation passed off over two waves in November and December 2023, with the e-mail messages bearing PDF attachments and content material associated to heating interruptions, drug shortages, and meals shortages.
The November wave focused a minimum of a number of hundred recipients in Ukraine, together with the federal government, power firms, and people. It is at the moment not identified how the goal record was created.
“What’s fascinating to notice is that the e-mail was despatched from a website masquerading because the Ministry of Agrarian Coverage and Meals of Ukraine, whereas the content material is about drug shortages and the PDF is misusing the brand of the Ministry of Well being of Ukraine,” ESET stated in a report shared with The Hacker Information.
“It’s probably a mistake from the attackers or, not less than, exhibits they didn’t care about all particulars.”
The second disinformation e-mail marketing campaign that commenced on December 25, 2023, is notable for increasing its concentrating on past Ukraine to incorporate Ukrainian audio system in different European nations owing to the truth that all of the messages are in Ukrainian.
These messages, whereas wishing recipients a contented vacation season, additionally adopted a darker tone, going so far as to recommend that they ampute considered one of their arms or legs to keep away from army deployment. “A few minutes of ache, however then a contented life!,” the e-mail goes.
ESET stated one of many domains used to propagate the phishing emails in December 2023, infonotification[.]com, additionally engaged in sending lots of of spam messages starting January 7, 2024, redirecting potential victims to a pretend Canadian pharmacy web site.
It is precisely unclear why this e-mail server was repurposed to propagate a pharmacy rip-off, nevertheless it’s suspected that the risk actors determined to monetize their infrastructure for monetary achieve after realizing that their domains have been detected by defenders.
“Operation Texonto exhibits yet one more use of applied sciences to attempt to affect the battle,” the corporate stated.
The event comes as Meta, in its quarterly Adversarial Menace Report, stated it took down three networks throughout its platforms originating from China, Myanmar, and Ukraine that engaged in coordinated inauthentic habits (CIB).
Whereas not one of the networks have been from Russia, social media analytics agency Graphika stated posting volumes by Russian state-controlled media has declined 55% from pre-war ranges and engagement has plummeted 94% in comparison with two years in the past.
“Russian state media shops have elevated their deal with non-political infotainment content material and self-promotional narratives about Russia for the reason that begin of the battle,” it stated. “This might mirror a wider off-platform effort to cater to home Russian audiences after a number of Western nations blocked the shops in 2022.”
