How The Russian Invasion of Ukraine Is Being Exploited By Hackers

March 23, 2022

Cybercriminals, politically motivated groups, and other threat actors are trying to exploit the ongoing crisis in Ukraine. Since the start of the Russian invasion of Ukraine, several major software and games developers have fallen victim to cyberattacks. Furthermore, cybersecurity researchers are detecting new waves of fraudulent emails that exploit the humanitarian crisis in Ukraine.

Increased malicious and scam activity exploiting the war in Ukraine

As early as February 25th, 2022, Bitdefender’s anti-spam labs reported the first signs of scammers exploiting Russia’s invasion of Ukraine and the news that Ukrainian citizens are fleeing the country. As expected, hackers tried to take advantage of the ongoing humanitarian crisis for their own financial gain.

Hours after the invasion, the Ukrainian government announced its acceptance of donations in the cryptocurrencies Bitcoin (BTC) and Ethereum (ETH). According to the most recent analyses of blockchain transactions, the ETH wallet received over 18 524 transactions totaling over $9.7 million, while the BTC wallet shows over 9 300 transactions worth $9.4 million. This is the main reason why cybercriminals have enhanced their efforts to redirect any financial aid coming from around the world to their own accounts.

Global crises are well-known for triggering dangerous spam campaigns that exploit human emotions and people’s desire to help. So far, we have seen attackers react very quickly to legitimate announcements from Ukraine and various corporations by mimicking the format of their messages. “We expect the variety of phishing and malware campaigns and the volume of messages sent daily to increase and attackers to adapt their persuasion methods accordingly”, Bitdefender researchers say.

Hackers send emails that entice recipients to send money

The scammers pose as the Ukrainian government, the international humanitarian agency Act for Peace, UNICEF, and other donation collection projects such as the Ukraine Crisis Relief Fund. Under these false identities, they send out pleas for financial assistance for the Ukrainian military and the millions of civilians caught up in the military conflict.

Common subject lines are: “Stand with the People of Ukraine”, “HELP UKRAINE, Stop the War!”, “Ukraine Humanitarian Donation”, “Donate to Ukraine”, “Help Save a Life: Please read”, and “Urgent! Help Children in Ukraine”. 

These emails invoke the impact of the war on communities in Ukraine and the growing number of refugees fleeing the country in need of supplies and housing. Charity email scams peaked on March 2, 2022, according to a Bitdefender blog post.

One particular campaign, which used the subject line “Stand with the Ukrainian People. We are Now Accepting Donations in Cryptocurrencies. Bitcoin, Ethereum, and [Tether] USDT”, originating from IP addresses in China, reached tens of thousands of inboxes on March 2. Of the scam emails, 25% were directed to users in the UK, 14% in the US, 10% in South Korea, 8% in Japan, 7% in Germany, 4% in Romania, and 2% each in Greece, Finland, and Italy.
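For mail administrators, the subject lines and cryptocurrency requests described above can be turned into a simple triage rule. The following is an added example, not code from Bitdefender or from this article's author: the verdict labels, the sample messages, and the placeholder wallet address and domains are all constructed assumptions.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject lines quoted in the article (matched after normalization).
LURE_SUBJECTS = [
    "Stand with the People of Ukraine", "HELP UKRAINE, Stop the War!",
    "Ukraine Humanitarian Donation", "Donate to Ukraine",
    "Help Save a Life: Please read", "Urgent! Help Children in Ukraine",
    "Stand with the Ukrainian People",
]

def normalize(text):
    """Lower-case, drop punctuation, collapse whitespace."""
    return " ".join(re.sub(r"[^a-z0-9 ]+", " ", text.lower()).split())

LURES = [normalize(s) for s in LURE_SUBJECTS]

# Address shapes only; no checksum validation is attempted.
WALLETS = {
    "btc": re.compile(
        r"\b(?:bc1[02-9ac-hj-np-z]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}

def triage(raw_message):
    """Return subject/wallet findings and a hypothetical routing verdict."""
    msg = message_from_string(raw_message)
    subject = normalize(str(make_header(decode_header(msg.get("Subject", "")))))
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", errors="replace")
        for part in msg.walk() if part.get_content_maintype() == "text"
    )
    lure = any(l in subject for l in LURES)
    wallets = sorted(k for k, rx in WALLETS.items() if rx.search(body))
    # Assumed policy: both signals quarantine, one signal goes to review.
    verdict = ("quarantine" if lure and wallets
               else "review" if lure or wallets else "pass")
    return {"lure_subject": lure, "wallets": wallets, "verdict": verdict}

# Constructed sample messages; address and domains are placeholders.
SAMPLE_SCAM = ("From: relief@example.test\n"
               "Subject: Stand with the Ukrainian People. We are Now Accepting "
               "Donations in Cryptocurrencies\n\n"
               "Send ETH to 0x" + "0" * 40 + " today.\n")
SAMPLE_APPEAL = ("From: info@example.test\nSubject: Donate to Ukraine\n\n"
                 "Give via https://donate.example.test/ukraine\n")
SAMPLE_DIGEST = ("From: news@example.test\nSubject: Weekly engineering digest\n\n"
                 "Release notes attached.\n")
```

A subject match alone only routes a message to review, because legitimate charities use similar wording; the wallet address in the body is what raises the verdict.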

Recommendations for all internet users

The fact that cybercriminals and scammers are using the crisis in Ukraine to steal users’ money and spread cyber threats is no surprise to cybersecurity experts. People’s suffering triggers strong emotional responses in the hearts of people around the world, who want to lend a hand to refugees.

Cybersecurity experts urge all internet users to be extra vigilant in these times and practice good cyber hygiene to ensure donated money does not end up in the wrong places:

  • Never click on links or open attachments in emails or messages asking you to make an urgent donation.
  • Donate exclusively to charities, non-profits, and official and trusted fundraisers.
  • Check your bank accounts regularly for any suspicious activity or unofficial spending.
  • Set up one-time passwords and two-step authentication for all online accounts.

Cyber incidents at Ubisoft, NVIDIA, Samsung, and Vodafone

In the last two weeks, several major developers have fallen victim to cyberattacks, with NVIDIA, Samsung, Vodafone, and Ubisoft all recently subject to security breaches.

Recently, an attack caused temporary disruptions to some Ubisoft game services, but also affected the developer’s internal systems. Ubisoft reported the incident in a short press release statement on the news corner of its website on March 10, 2022.

For now, the company is investigating the security breach with the help of experts to find out how exactly the attack took place and what kind of data and information was stolen. The company notes that user information and accounts were not impacted, so there is no need to reset passwords or strengthen account security—although it is recommended.

While Ubisoft did not share information regarding the attackers, it appears that the same hacking group that recently claimed responsibility for cyber incidents at NVIDIA, Samsung, and Vodafone might have been involved, Security Week reports.

On a Telegram channel supposedly run by the “Lapsus$” extortion group, one of the admins posted a link to a news article on the Ubisoft attack, followed by the smirking face emoji, which may suggest the group is taking responsibility for the breach. In the case of NVIDIA, Samsung, and Vodafone, the hackers claimed to have stolen large amounts of source code. 

Two years into the pandemic, we have learned that there is essentially no limit to how low threat actors will go to deceive and obtain financial gains. Without a doubt, cybercriminals will continue to use the war in Ukraine to deploy various attacks on individuals and companies.