SecurityWeek

Cybercrime
Google, EU Warn of Malicious Russian Cyber Activity

Russia-linked Turla threat actor spotted using Android malware for first time

Google and the European Union have issued separate warnings this week over Russian cyberattacks and misinformation campaigns.

According to Google, many Russian groups have been focusing on Ukraine since the start of the war, but the level of Russian activity outside of Ukraine is mostly the same as before the conflict started.

The internet giant has been monitoring Russian activity and it has disrupted some campaigns. The company recently noticed that the threat actor tracked as Turla, which has been linked to Russia’s FSB security service, has started distributing a piece of Android malware.

Google says this is the first time Turla has been spotted using Android malware. In April, researchers at Lab52 did report coming across a new Android malware that had used Turla-linked infrastructure, but they could not attribute it to the group.

The Android app distributed recently by Turla was hosted on a domain spoofing the Ukrainian Azov Regiment. The app claimed to allow users to launch denial-of-service (DoS) attacks against Russian websites, but in reality it only sent a single request to the targeted site.

The app, which only had a “minuscule” number of installs, is believed to have been inspired by an Android app created by pro-Ukraine developers that did launch DoS attacks against Russian websites.

Google has also seen at least two Russian state-sponsored threat groups — APT28 and Sandworm — exploiting the recently disclosed Windows vulnerability tracked as Follina. Profit-driven cybercriminals have also been exploiting Follina, as the number of attacks targeting Ukraine has increased.

The company has also observed misinformation campaigns conducted by the Belarus-linked Ghostwriter (UNC1151) group, as well as phishing attacks launched by the Coldriver (Callisto) group against government and defense officials, politicians, NGOs, think tanks, and journalists.

The European Union has warned member states about a significant increase in malicious cyber activities since Russia initiated its invasion of Ukraine. In a statement, the Council of the EU highlighted the January attacks on Ukrainian websites and systems, the attack against Viasat’s KA-SAT network, and the DDoS attacks launched by pro-Russian hackers against member states (Norway and Lithuania).

“Russia’s unprovoked and unjustified military aggression against Ukraine has been accompanied by a significant increase of malicious cyber activities, including by a striking and concerning number of hackers and hacker groups indiscriminately targeting essential entities globally,” the Council of the EU said. “This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation.”

Cybersecurity firm Palo Alto Networks has also analyzed some attacks believed to have been conducted by Russian threat actors. The company has observed a campaign by Cloaked Ursa (APT29, Nobelium and Cozy Bear) that appears to have targeted several Western diplomatic missions between May and June 2022, including foreign embassies in Portugal and Brazil.

In this campaign, the attackers leveraged popular online storage services such as Google Drive and Dropbox to avoid detection.

Related: Russia Coordinating Cyberattacks With Military Strikes in Ukraine

Related: Russia, Ukraine and the Danger of a Global Cyberwar

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
