Skip to main content

Amazon

-

 

Amazon: Charities, aid orgs in Ukraine attacked with malware

Malware Ukraine

Charities and non-governmental organizations (NGOs) providing support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia's war.

Amazon did not name the organizations targeted in these attacks in a blog post published on Friday.

"While we are seeing an increase in activity of malicious state actors, we are also seeing a higher operational tempo by other malicious actors.," Amazon said.

"We have seen several situations where malware has been specifically targeted at charities, NGOs, and other aid organizations in order to spread confusion and cause disruption.

"In these particularly egregious cases, malware has been targeted at disrupting medical supplies, food, and clothing relief."

The company said it's working with the employees of multiple NGOs, charities, and aid organizations on humanitarian relief in Ukraine, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.

Phishing attacks against European refugee helpers

Proofpoint researchers spotted a similar activity, observing spear-phishing attacks targeting European government personnel involved in logistics support for Ukrainian refugees.

Emails sent in the attacks delivered malicious macro attachments that would download a Lua-based malware dubbed SunSeed, used to deliver additional payloads onto compromised devices.

The campaign, tracked as Asylum Ambuscade, targeted only NATO entities using the compromised email account of a Ukrainian armed service member.

Based on the infection chain, it aligns and is likely related to July 2021 phishing attacks linked to the Ghostwriter Belarusian threat group (also known as TA445 or UNC1151).

Facebook and the Computer Emergency Response Team of Ukraine (CERT-UA) also warned of Ghostwriter phishing campaigns against Ukrainian officials and military personnel.

Before Russia's invasion, the Ukrainian Security Service (SSU) said the country was being hit by a "massive wave of hybrid warfare." 

This deluge of attacks included DDoS attacks against Ukrainian government agencies and state banks, phishing targeting the Ukrainian military, as well as multiple series of destructive malware attacks [1, 2].

Update: Made it clearer that Amazon did not name any of the targeted organizations.

Related Articles:

Microsoft: Ukraine hit with FoxBlade malware hours before invasion

Russia-Ukraine war exploited as lure for malware distribution

Phishing attacks target countries aiding Ukrainian refugees

New worm and data wiper malware seen hitting Ukrainian networks

CISA and FBI warn of potential data wiping attacks spillover


microsoft365.com/setup

microsoft365.com setup

microsoft365

office365.com

Comments

Post a Comment

Popular posts from this blog

NY OAG warns

-
Image
NY OAG warns T-Mobile data breach victims of identity theft risks The New York State Office of the Attorney General (NY OAG) warned victims of the August 2021 T-Mobile data breach that they faced identity theft risks after some of the stolen information ended up for sale on the dark web. The alert comes after individuals impacted in the incident were notified by identity theft protection services that their info was found online, demonstrating that affected consumers are now at heightened risk for identity theft. "Information stolen in a massive data breach has fallen into the wrong hands and is circulating on the dark web," said New York Attorney General Letitia James. "The guidance offered by my office can help prevent identity theft. I advise all New Yorkers to maintain their financial safety by following the guidance my office has laid out." NY OAG's guidance advises consumers at risk to use credit monitoring services to be alerted within 24 hours when new c...
Read more

SharkBot malware

-
Image
  SharkBot malware hides as Android antivirus in Google Play SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities. Although the trojan app was far from popular, its presence in Play Store shows that malware distributors can still bypass Google's automatic defenses. The app is still present in Google's store at the moment of writing. The laced Android application that carries SharkBot Publisher details on the Play Store SharkBot was discovered in Google Play by researchers at the NCC Group, who today published a detailed technical analysis of the malware. What can SharkBot do? The malware was first discovered by Cleafy in October 2021. Its most significant feature, which set it apart from other banking trojans, was transfering money via Automatic Transfer Systems (ATS). This was possible by simulating touches, clicks, and button presses on compromised devices. NCC repor...
Read more