Google, EU Warn of Malicious Russian Cyber Activity

Russia-linked Turla threat actor spotted using Android malware for first time

Google and the European Union have issued separate warnings this week over Russian cyberattacks and misinformation campaigns.

According to Google, many Russian groups have been focusing on Ukraine since the start of the war, but the level of Russian activity outside of Ukraine is mostly the same as before the conflict started.

The internet giant has been monitoring Russian activity and it has disrupted some campaigns. The company recently noticed that the threat actor tracked as Turla, which has been linked to Russia’s FSB security service, has started distributing a piece of Android malware.

Google says this is the first time Turla has been spotted using Android malware. In April, researchers at Lab52 did report coming across a new piece of Android malware that had used Turla-linked infrastructure, but they could not attribute it to the group.

The Android app distributed recently by Turla was hosted on a domain spoofing the Ukrainian Azov Regiment. The app claimed to allow users to launch denial-of-service (DoS) attacks against Russian websites, but in reality it only sent a single request to the targeted site.

The app, which only had a “minuscule” number of installs, is believed to have been inspired by an Android app created by pro-Ukraine developers that did launch DoS attacks against Russian websites.

Google has also seen at least two Russian state-sponsored threat groups — APT28 and Sandworm — exploiting the recently disclosed Windows vulnerability tracked as Follina. Profit-driven cybercriminals have also been exploiting Follina, as the number of attacks targeting Ukraine has increased.

The company has also observed misinformation campaigns conducted by the Belarus-linked Ghostwriter (UNC1151) group, as well as phishing attacks launched by the Coldriver (Callisto) group against government and defense officials, politicians, NGOs, think tanks, and journalists.

The European Union has warned member states about a significant increase in malicious cyber activities since Russia initiated its invasion of Ukraine. In a statement, the Council of the EU highlighted the January attacks on Ukrainian websites and systems, the attack against Viasat’s KA-SAT network, and the DDoS attacks launched by pro-Russian hackers against member states (Norway and Lithuania).

“Russia’s unprovoked and unjustified military aggression against Ukraine has been accompanied by a significant increase of malicious cyber activities, including by a striking and concerning number of hackers and hacker groups indiscriminately targeting essential entities globally,” the Council of the EU said. “This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation.”

Cybersecurity firm Palo Alto Networks has also analyzed some attacks believed to have been conducted by Russian threat actors. The company has observed a campaign by Cloaked Ursa (APT29, Nobelium and Cozy Bear) that appears to have targeted several Western diplomatic missions between May and June 2022, including foreign embassies in Portugal and Brazil.

In this campaign, the attackers leveraged popular online storage services such as Google Drive and Dropbox to avoid detection.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
