Charities and non-governmental organizations (NGOs) providing support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia's war.
Amazon did not name the organizations targeted in these attacks in a blog post published on Friday.
"While we are seeing an increase in activity of malicious state actors, we are also seeing a higher operational tempo by other malicious actors.," Amazon said.
"We have seen several situations where malware has been specifically targeted at charities, NGOs, and other aid organizations in order to spread confusion and cause disruption.
"In these particularly egregious cases, malware has been targeted at disrupting medical supplies, food, and clothing relief."
The company said it's working with the employees of multiple NGOs, charities, and aid organizations on humanitarian relief in Ukraine, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.
Phishing attacks against European refugee helpers
Proofpoint researchers spotted a similar activity, observing spear-phishing attacks targeting European government personnel involved in logistics support for Ukrainian refugees.
Emails sent in the attacks delivered malicious macro attachments that would download a Lua-based malware dubbed SunSeed, used to deliver additional payloads onto compromised devices.
The campaign, tracked as Asylum Ambuscade, targeted only NATO entities using the compromised email account of a Ukrainian armed service member.
Based on the infection chain, it aligns and is likely related to July 2021 phishing attacks linked to the Ghostwriter Belarusian threat group (also known as TA445 or UNC1151).
Facebook and the Computer Emergency Response Team of Ukraine (CERT-UA) also warned of Ghostwriter phishing campaigns against Ukrainian officials and military personnel.
Before Russia's invasion, the Ukrainian Security Service (SSU) said the country was being hit by a "massive wave of hybrid warfare."
This deluge of attacks included DDoS attacks against Ukrainian government agencies and state banks, phishing targeting the Ukrainian military, as well as multiple series of destructive malware attacks [1, 2].
Update: Made it clearer that Amazon did not name any of the targeted organizations.
Comments
Amigo-A - 2 years ago
Attach a list of humanitarian supplies and invoices for the goods received.
cybercynic - 2 years ago
Amigo-A: Stick to your malware research/reporting.
Your pro-Russian stance is well-known.
Comrade Putin must be proud of you.
Amigo-A - 2 years ago
When, under the guise of humanitarian aid, they supply weapons, including phosphorus bombs, anti-personnel mines, cluster shells and other prohibited weapons that kill and maim people, then my anti-war stance becomes tougher. Such screamers themselves do not understand that by their lies they become intermediaries in the murders of people.
Drags - 2 years ago
"When, under the guise of humanitarian aid, they supply weapons, including phosphorus bombs, anti-personnel mines, cluster shells and other prohibited weapons that kill and maim people, then my anti-war stance becomes tougher. Such screamers themselves do not understand that by their lies they become intermediaries in the murders of people."
Oh, you mean like when the ammonition storages were found in abandoned Russian military medic vehilces? I do understand that you may not like it, but Russia (Leadership and Military), in this case, are the ones who kill and maim people by bombing Universities, Hospitals and civilian infrastructure such as houses and others. Nevermind the fact that live rounds were fired around a damn Nuclear power station....
cybercynic - 2 years ago
"my anti-war stance"! Hogwash!
You haven't made one comment against the Russian invasion of Ukraine.
Oh, I see! You're only against war when someone attacks Mother Russia. When Russia invades Ukraine, it's a peace-keeping operation.