Ukraine’s Computer Emergency Response Team (CERT-UA) warned of new phishing attacks aimed at its citizens that leverage compromised email accounts belonging to three different Indian entities, with the goal of compromising the recipients’ inboxes and stealing sensitive information.
The agency cautioned that the emails arrive with the subject line “Увага” (meaning “Attention”) and claim to be from a domestic email service called Ukr.net, when in actuality, the email address of the sender is “[email protected][.]com.”
The messages purportedly warn the recipients of an unauthorized attempt to log in to their accounts from an IP address based out of the eastern Ukrainian city of Donetsk, further prompting them to click on a link to change their passwords with immediate effect.
“After following the link and entering the password, it gets to the attackers,” CERT-UA noted in a Facebook post over the weekend. “In this way, they gain access to the email inboxes of Ukrainian citizens.”
Interestingly, TVS Rubber is an automotive company based out of the Indian city of Madurai, suggesting that the attackers leveraged an already compromised email account to distribute the phishing emails.
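The mismatch described above, a message that presents itself as Ukr.net but is sent from an unrelated domain, can be checked from the headers alone. The following is an added example, not code from CERT-UA or the original report; the sample messages and the addresses in them are constructed, and the two rules are an assumption about how a mail filter might encode the reported traits.

```python
from email import message_from_string, policy

BRAND = "ukr.net"        # service the lure claims to come from (per the report)
LURE_SUBJECT = "увага"   # reported subject line "Увага", case-folded

# Constructed sample messages; the addresses are placeholders, not real indicators.
SAMPLE_LURE = (
    'From: "Ukr.net" <user@compromised.example>\n'
    "To: recipient@ukr.net\n"
    "Subject: =?UTF-8?B?0KPQstCw0LPQsA==?=\n"
    "\n"
    "Unauthorized login attempt detected. Change your password.\n"
)
SAMPLE_LEGIT = (
    'From: "Ukr.net" <noreply@ukr.net>\n'
    "To: recipient@ukr.net\n"
    "Subject: =?UTF-8?B?0KPQstCw0LPQsA==?=\n"
    "\n"
    "Service notice.\n"
)

def lure_reasons(raw):
    """Return the reasons a raw RFC 5322 message resembles the reported lure."""
    # policy.default decodes RFC 2047 encoded words in From and Subject.
    msg = message_from_string(raw, policy=policy.default)
    from_hdr = msg["From"]
    addrs = from_hdr.addresses if from_hdr is not None else ()
    display = addrs[0].display_name.casefold() if addrs else ""
    domain = addrs[0].domain.casefold() if addrs else ""
    subject = str(msg.get("Subject", "")).strip().casefold()

    # Only the brand's own domain (or a subdomain of it) counts as legitimate.
    legit = domain == BRAND or domain.endswith("." + BRAND)
    reasons = []
    if BRAND in display and not legit:
        reasons.append(f"display name claims {BRAND}, sender domain is {domain or 'missing'}")
    if subject == LURE_SUBJECT and not legit:
        reasons.append(f"reported lure subject from outside {BRAND}")
    return reasons

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("legit", SAMPLE_LEGIT)):
        print(name, lure_reasons(raw))
```

A header check like this only catches the brand/sender mismatch; it says nothing about whether the sending account itself was compromised, which is why sender authentication results passing for the third-party domain would not clear such a message.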
CERT-UA, in a subsequent update, noted that it detected an additional 20 email addresses that were used in the attacks, some of which belong to sysadmins and faculty members at the Ramaiah University of Applied Sciences, an academic institution located in the Indian city of Bengaluru.
Also included in the list is an email address from another India-based automotive company called Hodek Vibration Technologies Pvt. Ltd., which designs and manufactures dampers for cars, light and heavy commercial vehicles.
“All these mailboxes have been compromised and are being used by the Russian Federation’s special services to carry out cyberattacks on Ukrainian citizens,” the agency said.
The development comes as NATO nations unanimously voted to admit Ukraine to the Cooperative Cyber Defence Centre of Excellence (CCDCOE) as a “Contributing Participant,” while Russia’s military invasion of the country continued well into the second week and cyber attacks rained down on government and commercial targets.
“Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations. Ukraine could bring valuable first-hand knowledge of several adversaries within the cyber domain to be used for research, exercises and training,” Col Jaak Tarien, director of CCDCOE, said in a statement.