Priya PatelTLDR:
- Russian hackers have targeted Ukraine with disinformation and credential-harvesting attacks.
- Cybersecurity researchers from ESET have identified an influence operation called Operation Texonto linked to Russia-aligned threat actors.
In a recent report, cybersecurity researchers have uncovered a new influence operation targeting Ukraine that involves the spread of war-related disinformation through spam emails. The operation, dubbed Operation Texonto, has been linked to Russia-aligned threat actors by Slovak cybersecurity company ESET. This campaign included spear-phishing attacks aimed at a Ukrainian defense company and a European Union agency in late 2023 with the goal of harvesting Microsoft login credentials using fake landing pages.
The disinformation campaign took place over two waves in November and December 2023, with emails containing content related to heating interruptions, drug shortages, and food shortages. The second wave of emails also targeted Ukrainian speakers in other European nations with messages suggesting extreme measures to avoid military deployment.
One of the domains used in the phishing emails in December 2023 was later repurposed to send spam messages redirecting recipients to a fake Canadian pharmacy website. This move indicates a possible shift by threat actors to monetize their infrastructure for financial gain after their original domains were detected.
The development comes as Meta reported taking down three networks from China, Myanmar, and Ukraine engaged in coordinated inauthentic behavior, but none of them were from Russia. Meanwhile, Russian state media outlets have seen a significant decline in posting volumes and engagement levels since the start of the conflict.
Overall, Operation Texonto highlights the use of technology to influence conflicts and showcases the evolving tactics used by threat actors in the cybersecurity landscape.
