Ukraine’s CERT-UA warned of a phishing campaign aimed at its citizens that leverages compromised email accounts belonging to three different Indian entities, with the goal of compromising the recipients’ inboxes and stealing sensitive information.
The emails arrive with the subject line “Увага” (“Attention”) and claim to be from a domestic email service called Ukr.net; the sender’s email address is “muthuprakash.b@tvsrubber[.]com.”
The messages warn the recipients of an unauthorized attempt to log in to their accounts from an IP address based out of the eastern Ukrainian city of Donetsk, prompting them to click on a link to change their passwords with immediate effect.
TVS Rubber is an automotive company based out of the Indian city of Madurai, suggesting that the attacks leveraged an already compromised email account to distribute the phishing emails.
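As an added illustration (not from CERT-UA or the original report), the mismatch described above, a message presenting itself as Ukr.net while sent from an unrelated domain, can be checked in a mail-triage script. The sample messages, the addresses, and the assumption that ukr.net is the service's only legitimate sending domain are constructed for this example.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

BRAND = "ukr.net"            # service the lure claims to come from (per the article)
BRAND_DOMAINS = {"ukr.net"}  # assumption: the service's legitimate sending domain
LURE_SUBJECTS = {"увага"}    # subject line reported by CERT-UA, lower-cased

def build_sample(from_header, subject="Увага"):
    """Serialize a constructed message (not a real sample) to RFC 5322 text."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "user@recipient.example"
    msg["Subject"] = subject
    msg.set_content("Ukr.net security: unauthorized login attempt detected.\n"
                    "Change your password: https://reset.example/\n")
    return msg.as_string()

def is_brand_domain(domain):
    """Exact domain or a true subdomain; 'notukr.net' must not match."""
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)

def triage(raw):
    """Return the reasons a raw message matches the reported lure."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    reasons = []
    claims_brand = BRAND in display.lower() or BRAND in text.lower()
    if claims_brand and not is_brand_domain(domain):
        reasons.append(f"claims {BRAND} but sent from {domain or 'unknown'}")
    # policy.default decodes RFC 2047 encoded-word subjects before comparison.
    if str(msg.get("Subject", "")).strip().lower() in LURE_SUBJECTS:
        reasons.append("subject matches reported lure")
    return reasons

if __name__ == "__main__":
    spoofed = build_sample('"Ukr.net Support" <sender@compromised-sender.example>')
    print(triage(spoofed))
```

Because the messages are sent from genuinely compromised mailboxes, they can pass the sending domain's own authentication checks, which is why the comparison is made against the claimed brand rather than against the sender's domain alone.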
CERT-UA, in a subsequent update, noted that it detected an additional 20 email addresses that were used in the attacks, some of which belong to sysadmins and faculty members at the Ramaiah University of Applied Sciences, an academic institution located in Bengaluru.
It also included an email address from another India-based automotive company called Hodek Vibration Technologies Pvt. Ltd., which designs and manufactures dampers for cars and for light and heavy commercial vehicles.
“All these mailboxes have been compromised and are being used by the Russian Federation’s special services to carry out cyberattacks on Ukrainian citizens,” the agency said.
The development comes as NATO nations unanimously voted to admit Ukraine to the Cooperative Cyber Defence Centre of Excellence as a “Contributing Participant,” while Russia’s military invasion of the country continued well into its second week and cyber attacks rained down on government and commercial targets.