Ukraine’s Computer Emergency Response Team (CERT-UA) warned about new phishing attempts aimed at citizens. The attackers leveraged compromised email accounts belonging to three Indian entities, with the goal of stealing sensitive information and compromising the recipients’ inboxes.
The agency cautioned that the emails arrive with the subject line “Uvaga” (meaning “Attention”) and claim to be from a domestic email service called Ukr.net, when in actuality the sender’s email address is “muthuprakash.b@tvsrubber[.]com.”
The messages purportedly warned the recipients that an unauthorised attempt was made to log into their accounts using an IP address located in Donetsk (an eastern Ukrainian city). They also urged the recipients to click a link to change their passwords immediately.
“By following the link, and then entering the password it gets to attackers,” CERT-UA wrote in a post on Facebook over the weekend. “In this way, they gain access to the email inboxes of Ukrainian citizens.”
Interestingly, TVS Rubber is an automotive company based out of the Indian city of Madurai, suggesting that the attackers leveraged an already compromised email account to distribute the phishing emails.
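A mail-filter check for the mismatch described above, where a message presents itself as Ukr.net while its From address belongs to an unrelated organisation. This is an added example, not CERT-UA's tooling; the trusted-domain list, marker strings, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the impersonated provider sends its own notices from this domain.
TRUSTED_DOMAINS = {"ukr.net"}
# Assumption: strings a lure shows in the display name or subject to claim the brand.
BRAND_MARKERS = ("ukr.net",)


def sender_domain(msg):
    """Lower-cased domain of the From address, or '' if it cannot be parsed."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_trusted(domain):
    """True for a trusted domain or its subdomains; look-alikes do not match."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def claims_brand(msg):
    """True if the display name or subject mentions the brand."""
    display, _ = parseaddr(msg.get("From", ""))
    text = f"{display} {msg.get('Subject', '')}".lower()
    return any(marker in text for marker in BRAND_MARKERS)


def is_brand_mismatch(raw_message):
    """Flag mail that presents itself as the brand but comes from another domain."""
    msg = message_from_string(raw_message)
    return claims_brand(msg) and not is_trusted(sender_domain(msg))


# Constructed sample headers for illustration; none of these is captured mail.
LURE = 'From: "Ukr.net" <user@compromised.example>\nSubject: Uvaga\n\nbody\n'
LOOKALIKE = 'From: "Ukr.net" <info@ukr.net.mail.example>\nSubject: Uvaga\n\nbody\n'
LEGIT = 'From: "Ukr.net" <noreply@ukr.net>\nSubject: Uvaga\n\nbody\n'
UNRELATED = 'From: "Alice" <alice@corp.example>\nSubject: Lunch\n\nbody\n'

if __name__ == "__main__":
    for name, raw in [("lure", LURE), ("lookalike", LOOKALIKE),
                      ("legit", LEGIT), ("unrelated", UNRELATED)]:
        print(f"{name:10} flagged={is_brand_mismatch(raw)}")
```

Because the lures are sent from real mailboxes at unrelated organisations, the check compares the claimed brand against the sender domain instead of relying on the sending domain itself looking suspicious.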
CERT-UA, in a subsequent update, noted that it detected an additional 20 email addresses that were used in the attacks, some of which belong to sysadmins and faculty members at the Ramaiah University of Applied Sciences, an academic institution located in the Indian city of Bengaluru.
An email address belonging to another Indian automotive company, Hodek Vibration Technology Pvt. Ltd., which designs and manufactures dampers for cars, light and heavy commercial vehicles, and other industrial equipment, is also included.
“All these mailboxes have been compromised and are being used by the Russian Federation’s special services to carry out cyberattacks on Ukrainian citizens,” the agency said.
This development came as NATO countries unanimously voted to admit Ukraine to the Cooperative Cyber Defence Centre of Excellence (CCDCOE) as a “Contributing Participant,” while the Russian military invasion of Ukraine continued into its second week and cyber attacks on commercial and government targets remained ongoing.
“Ukraine’s presence in the Centre will enhance the exchange of cyber expertise between Ukraine and CCDCOE member nations. Ukraine could bring valuable first-hand knowledge of several adversaries within the cyber domain to be used for research, exercises and training,” Col Jaak Tarien, director of CCDCOE, said in a statement.