A new phishing attack could be exploiting the Ukraine crisis to target European government officials, Proofpoint has revealed.
Cyber security company Proofpoint has identified a likely state-sponsored phishing campaign potentially using a compromised Ukrainian armed service member’s email account to target European government personnel involved in assisting refugees fleeing war-torn Ukraine.
The email reportedly included a malicious macro attachment designed to bait recipients into downloading a Lua-based malware, known as SunSeed.
According to Proofpoint, the attack resembles a previous campaign identified in July 2021, suggesting the same malicious actor could be responsible for this latest campaign.
The identification of this latest phishing campaign follows warnings from the Ukrainian Computer Emergency Response Team (CERT-UA) and the State Service of Special Communications and Information Protection of Ukraine.
The agencies have flagged attacks targeting private email accounts of Ukrainian armed service members by “UNC1151”, monitored by Proofpoint as part of its tracking of threat actor TA445, reportedly based in Belarus.