Ukraine’s Computer Emergency Response Team (CERT-UA) is warning of new phishing attacks targeting Ukrainian citizens through compromised email accounts belonging to three different Indian entities.
The attacks were aimed at stealing sensitive information from compromised accounts. The malicious emails are sent by “muthuprakash.b@tvsrubber[.]com” and used the subject line “Увага” (translates “Attention”) and claimed to be from a domestic email service called Ukr.net.
TVS Rubber is an India-based automotive company that was previously compromised by the threat actors behind this campaign.
The messages are crafted to trick the recipients into clicking on a link (hxxp://consumerspanel.frge[.]io/) to change their passwords due to an alleged unauthorized attempt to log in to their accounts from an IP address based out of the eastern Ukrainian city of Donetsk.
“Once you have clicked the link and enter your password, it gets to the attackers. In this way the attackers have access to the email accounts of Ukrainian citizens.” reads the CERT-UA’s alert.
CERT-UA later added that it detected an additional 20 email addresses that were used in the campaign.
“A list of e-mail addresses has been formed from which the malicious messages are sent to compromise the accounts of Ukrainian citizens.” reads the second alert published by CERT-UA. “All these mailboxes are compromised and are used by the special services of the Russian Federation to conduct cyber attacks against Ukrainian citizens.”
(SecurityAffairs – hacking, Ukraine)