- Microsoft spots fake Entra pages being distributed in phishing emails
- The attacks targeted organizations in the West, mainly in critical infrastructure
- The goal was to gather intelligence for the Russian-Ukrainian conflict
Russian hacking campaigns, part of the country’s broader war effort against Ukraine, are becoming more aggressive, Microsoft security researchers have said, after seeing a change in how a specific threat actor, called Void Blizzard, is executing its operations.
Void Blizzard, also known as Laundry Bear, would generally buy login credentials on the dark web and use them to gain access to the IT infrastructure of its targets. Once inside, the attackers exfiltrated emails, confidential files and business data, and would look for ways to keep moving laterally throughout the organization.
However, in recent times, the group has shifted from buying login credentials to stealing them itself, and to do so it began spoofing Microsoft login pages.
NATO IN THE CROSSHAIRS
Microsoft Entra is a comprehensive identity and network access solution that many organizations use to secure access to their digital resources both in the cloud and on-premises. Void Blizzard would create fake Entra pages on typosquatted domains and then distribute them to victims using spear phishing and similar methods.
The victims are mostly small and medium-sized businesses (SMBs) located in the West, since the campaign “disproportionately” targets organizations in Ukraine and NATO member states, says Microsoft, suggesting that it is actually part of the Russian war against Ukraine and is designed to collect intelligence on critical sectors.
That said, most victims are in government, defense, transportation, media, NGOs and healthcare.
In some cases, the attackers went after education, telecommunications and law enforcement agencies, with more than 20 NGOs in Europe and North America attacked.
“Void Blizzard primarily targets NATO member states and Ukraine. Many of the compromised organizations overlap with past, or in some cases concurrent, targeting by other known Russian state actors, including Forest Blizzard, Midnight Blizzard and Secret Blizzard,” Microsoft concluded.
“This intersection suggests shared espionage and intelligence collection interests assigned to the parent organizations of these threat actors.”