A new phishing campaign capitalising on Russian civilians’ enlistment fears is underway. To support the war with Ukraine, the Russian government is seeking to enlist more civilians into the military.
To gain an insight into this new threat, Digital Journal spoke with Joe Gallop, Intelligence Analysis Manager at Cofense.
Gallop observes how cybercriminals are exploiting the conflict situation: “As the anniversary of the Ukraine invasion approaches, phishing threat actors have reportedly played on Russian enlistment fears in new phishing attacks.”
Describing the campaign, Gallop says: “The threat actors reportedly sent messages with malicious links that directed unsuspecting Russian citizens to a phishing website supposedly containing a list of people who could be drafted into the Russian army. Phishing attacks are ultimately emotional, and this campaign is no different.”
On the tactics involved, Gallop says: “Threat actors employed social engineering to capitalize on enlistment fears, making it more likely for individuals to overlook the common signals of a phishing email, including urgent language and grammatical errors.”
As for how the stolen data was collected, Gallop notes: “This phishing campaign used Telegram bots to harvest personal data from victims. Telegram bots have become a popular choice for threat actors as they are a low-cost or free single-pane-of-glass solution.”
The campaign reflects a wider rise in the abuse of Telegram bots: “According to a recent Cofense Intelligence report, the utilization of Telegram bots as exfiltration destinations for phished information increased by more than 800 percent between 2021 and 2022. Telegram bots are easy to set up in private and group chats, are compatible with a wide range of programming languages and are easy to integrate into malicious media such as malware or credential phishing kits.”
There are measures that can be taken to prevent these types of attacks. Gallop sketches these out as: “To prevent future phishing attacks, organizations must take the necessary steps to train users to recognize phishing emails, give the users a simple way to report those phishing emails, and provide security personnel with the tools and intelligence needed to quickly analyze and remove them.”
Gallop adds: “One specific mitigation opportunity for cases like this is to set policies regarding the use of api[.]telegram[.]org (the domain used by programmers to communicate with bots). Adopting actionable intelligence that gives visibility into the risk factors in your network and immediately and decisively responds to phishing threats will help keep malicious actors at bay and ensure the protection of sensitive data.”
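One way to check compliance with a policy on api[.]telegram[.]org is to scan web proxy logs for requests to that host from machines with no approved use of it. The sketch below is an added example, not code from the article or from Cofense; the log format, the allowlist and every address and token in the sample are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Bot API calls have the form https://api.telegram.org/bot<id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)")

# Assumption: hosts with an approved business use of the Bot API.
ALLOWED_SOURCES = {"10.0.5.20"}

# Constructed sample proxy log: "<timestamp> <source_ip> <method> <url>"
SAMPLE_LOG = """\
2023-02-20T09:14:02Z 10.0.5.20 POST https://api.telegram.org/bot1111111111:EXAMPLE-TOKEN_aaaaaaaaaaaaaaaaaaaaaaa/sendMessage
2023-02-20T09:15:40Z 10.0.8.77 POST https://api.telegram.org/bot2222222222:EXAMPLE-TOKEN_bbbbbbbbbbbbbbbbbbbbbbb/sendMessage
2023-02-20T09:16:05Z 10.0.8.77 GET https://example.com/index.html
2023-02-20T09:17:31Z 10.0.9.13 CONNECT api.telegram.org:443
2023-02-20T09:18:00Z 10.0.8.77 GET https://api.telegram.org.example.net/bot1:x/sendMessage
"""

def target_host(url):
    """Return the lowercase hostname for full URLs and CONNECT host:port targets."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse "host:port"
    return (urlsplit(url).hostname or "").lower()

def find_violations(log_text, allowed=ALLOWED_SOURCES):
    """List requests to api.telegram.org from sources outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        ts, src, _method, url = parts
        # Exact host match, so look-alike domains are not counted here.
        if target_host(url) != "api.telegram.org" or src in allowed:
            continue
        # Without TLS inspection only CONNECT is visible and no path exists.
        m = BOT_PATH.match(urlsplit(url).path) if "://" in url else None
        findings.append({
            "time": ts, "source": src,
            "bot_id": m.group(1) if m else None,  # secret part is never stored
            "api_method": m.group(2) if m else None,
        })
    return findings
```

The numeric bot ID is kept because it lets responders group hits by bot, while the secret half of the token is dropped so the findings can be shared without exposing a working credential.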