The Cyber Incident Response Operations Center of the State Cyber Protection Centre of Ukraine fixates the increase in mass credential harvesting campaigns since the beginning of 2023.

All the detected emails as well as attached files are composed in Russian language, usually include impersonation of the targeted entities and manipulate the password expiring theme, luring the victims to update credentials as soon as possible in order to save account access.

These campaigns have been targeting Asia and Europe regions since August, 2021. The phishing emails attributed to the same activity cluster have been distributed to the Ukrainian corporate email addresses since May, 2022.

The high-level overview of the attack landscape, adversary infrastructure and attack chains of such credential harvesting campaigns are provided in the report.

The Cyber Incident Response Operations Center of the State Cyber Protection Centre of Ukraine underlines the importance of following basic cyber hygiene and cybersecurity guidelines as well as staying informed about the latest threats in order to be able to recognize and avoid phishing scams, especially in corporate environments.

Download pdf.