IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google uncovers Russian phishing campaign targeting Ukrainian news provider

The tech giant has also recorded repeated DDoS attempts against the Ukrainian government

Russian hackers have conducted several phishing campaigns targeting users of one of Ukraine’s most popular online news providers.

That's according to Google’s Threat Analysis Group (TAG), which has attributed the attacks to the Russia-backed APT28 gang, also known as FancyBear and Strontium.

The phishing emails had been sent from a large number of compromised non-Google accounts, and included links to newly-created, attacker-controlled Blogspot domains, which redirected targets to credential phishing pages with the following domains:

  • id-unconfirmeduser[.]frge[.]io
  • hatdfg-rhgreh684[.]frge[.]io
  • ua-consumerpanel[.]frge[.]io
  • Consumerspanel[.]frge[.]io

The Blogspot domains have since been taken down, Google announced on Monday. The credential phishing pages are flagged as “dangerous” on the Google Chrome browser, as part of Google’s Safe Browsing service. Launched in 2007, the service identifies unsafe websites across the web and notifies users and website owners of potential harm with an attention-grabbing, red warning message.

Google deceptive site warning

FancyBear’s phishing campaign against Ukr.net is just one of many attempts by Russian and Belarusan threat actors to target Ukrainian organisations.

The TAG team has also been tracking the notorious Belarusan hacking group known as Ghostwriter, which it has observed launching phishing attacks against the Ukrainian and Polish governments. 

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

The tech giant has also recorded repeated DDoS attempts against Ukraine’s Ministry of Foreign Affairs, Ministry of Internal Affairs, as well as services like Liveuamap that are designed to help people find information. This has prompted Google to expand the eligibility for its free DDoS protection tool known as Project Shield, which sees Google absorb the influx of “bad traffic” and keep the targeted website online. 

Google said that “over 150 websites in Ukraine, including many news organisations, are using the service” and encouraged “all eligible organisations to register for Project Shield”.

Eligibility is determined on a rolling basis, with Google accepting Google Account holders that manage or own a website in the news, human rights and political sectors. 

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022