Russia’s digital warriors adapt to support the war effort in Ukraine … – CyberScoop

Russian and pro-Russian operatives continue to modify their hacking and influence operations aimed at Ukraine to extract intelligence and sway public opinion in favor of the war, Google researchers said in a report released Wednesday. The latest tactics include promoting highly produced YouTube videos as well as more traditional phishing campaigns.

Roughly 14 months after the Russian invasion of Ukraine, the cyber components of the Russian onslaught continues with nearly 60% of Russian-backed phishing campaigns targeting Ukraine, Billy Leonard, a security engineer with the Google Threat Analysis Group, wrote in an update on the most notable hacking campaigns the company observed between January and March of 2023.

The latest report includes new information operations from Russias elite hacking units as well as work from a group believed to be Belarusian, a staunch Russian ally. From traditional credential and intelligence gathering efforts to information operations aimed abroad and at Russian audiences to glorify war efforts, the ongoing cyber operations remain active and show signs of adaptations and new techniques, Leonard wrote.

One of Russias most prolific and elite hacking groups known widely as Sandworm, but tracked by Google as FROZENBARENTS continues to focus heavily on the war in Ukraine with campaigns spanning intelligence collection, IO, and leaking hacked data through Telegram, Leonard wrote. Believed to operate out of Russian Armed Forces Main Directorate of the General Staff, or GRU, Unit 74455, the group known best for its multiple successful Ukrainian power grid attacks and the NotPetya malware that racked up more than $10 billion in global damages maintains its perch atop the Russian-backed offensive hacking ecosystem.

FROZENBARENTS remains the most versatile GRU cyber actor with offensive capabilities including credential phishing, mobile activity, malware, external exploitation of services, and beyond, Leonard wrote. They target sectors of interest for Russian intelligence collection including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

The group continues to exploit EXIM mail servers around the world, Leonard wrote, a tactic it has employed since 2019, according to a 2020 NSA advisory. Once compromised, the hosts have been observed accessing victim networks, interacting with victim accounts, sending malicious emails, and engaged in information operations (IO) activity.

FROZENBARENTS has also continued to target organizations associated with the Caspian Pipeline Consortium (CPC), one of the largest oil pipelines in the world that transports crude oil from Kazakhstan across Russian territory to the Black Sea, Leonard wrote. The group has targeted a range of unnamed Eastern European energy sector organizations using fake Windows update packages on a domain spoofing CPC that, if executed, loaded a variation of the Rhadamanthys malware that could then exfiltrate stored credentials, including browser cookies.

Dating back to December 2022, the group has also launced multiple waves of credential theft campaigns targeting Ukrainian defense industry, military and Ukr.net mail users, Leonard wrote.

The group has also been active in the information operation space, he said, creating online personas to push pro-Russian news and narratives and leak stolen data, Leonard wrote, such as the persona CyberArmyofRussia, or CyberArmyofRussia_Reborn.

Both the YouTube channel for CyberArmyofRussia, or CyberArmyofRussia_Reborn which was pulled down upon notification and the Instagram account had minimal engagement and a negligible number of subscribers or followers, Leonard wrote. The groups Telegram channel, launched April 1, 2022, remains robust, with frequent posts for nearly 23,000 subscribers. Google researchers assess that the channel was created and controlled by the elite hacking unit.

In several recent incidents, FROZENBARENTS compromised a webserver of the target organization and uploaded a webshell to maintain persistent access to the compromised system, Leonard wrote. The attackers then deployed Adminer, a single file PHP script for managing databases, to exfiltrate data of interest. Shortly after exfiltration, the data appeared on the CyberArmyofRussia_Reborn Telegram channel.

In another information operation, the Internet Research Agency notorious for its efforts to shape domestic U.S. opinion ahead of the 2016 presidential elections produced a series of YouTube Shorts, short-form videos akin to TikTok or Instagrams Reels. The group has focused particularly on narratives supportive of Russia and the business interests of Russian oligarch Yevgeny Prigozhin, especially the Wagner Group, Leonard wrote.

The U.S. Department of Justice indicted Prigozhin, a longtime associate of Russian President Vladimir Putin, in 2018 for his role in the IRA interference operation. He is currently wanted by the FBI.

The group was also promoting a new film by Aurum LLC, a film company partially owned by Prigozhin. This movie has a high production value and communicates narratives portraying the Wagner Group in a positive light, Leonard wrote.

Altogether, Moscow continues to leverage the full spectrum of information operationsfrom overt state-backed media to covert platforms and accountsto shape public perception of the war in Ukraine, Leonard wrote.

Smaller campaigns from other hacking groups caught Googles eye as well.

Another operation attributed to the GRU as well but perhaps a unit other than FROZENBARENTS has since April 2022 maintained a Telegram channel to promote and amplify narratives related to the use of biological weapons in Ukraine and how the United States is responsible for the proliferation of biological weapons around the world, Leonard wrote. This campaign involves a Russian-language Telegram channel and an English Substack newsletter, which has published only once.

APT28 known widely as Fancy Bear, and tracked as FROZENLAKE sent multiple large waves of phishing emails to hundreds of users in Ukraine in February and March, Leonard wrote. Part of the effort involved reflected cross-site scripting (XSS) on multiple Ukrainian websites, which represents a new tactic for the group.

A Belarusian-linked hacking campaign tracked as PUSCHA by Google but sometimes called UNC1151 andlinked to Belarus by Mandiantin November 2021 has consistently targeted users in Ukraine and neighboring countries throughout the war, Leonard wrote, typically targeting the i.ua and meta.ua webmail services. Leonard described the phishing campaigns as targeted, and focused on small numbers of users in Ukraine.

Written by AJ VicensAJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).

View post:
Russia's digital warriors adapt to support the war effort in Ukraine ... - CyberScoop

The Latest: G7 to focus on Ukraine and Iran on first full day of meetings - WAVY.com - June 16th, 2026 [June 16th, 2026]
Starmer vows new sanctions on Russia and nuclear energy support for Ukraine - The Guardian - June 16th, 2026 [June 16th, 2026]
G7 summit 2026 live: Trump to discuss Iran and Ukraine with world leaders - Reuters - June 16th, 2026 [June 16th, 2026]
Ukraine Is a Step Closer to Joining the European Union. Heres What to Know - Time Magazine - June 16th, 2026 [June 16th, 2026]
Trump is turning his attention back to Ukraine and Kyivs allies are worried - politico.eu - June 16th, 2026 [June 16th, 2026]
Russias war of aggression against Ukraine: new EU sanctions target energy revenues, the military-industrial complex, propaganda and human rights... - June 16th, 2026 [June 16th, 2026]
Ukraine is winning the drone war. Now it needs to win over Trump. - Politico - June 16th, 2026 [June 16th, 2026]
Russias overwhelming manpower advantage against Ukraine is starting to wane - CNN - June 16th, 2026 [June 16th, 2026]
With Its Biggest E.U. Opponent Gone, Ukraine Is Advancing in Its Bid to Join - The New York Times - June 16th, 2026 [June 16th, 2026]
Ukraine's newest attack drones are delivering the kind of strikes that its HIMARS couldn't for years - Business Insider - June 16th, 2026 [June 16th, 2026]
How Ukraine Uses A.I. to Knock Deadly Russian Drones Out of the Skies - The New York Times - June 16th, 2026 [June 16th, 2026]
Trump reportedly tells Putin he is prepared to help end war in Ukraine - The Guardian - June 16th, 2026 [June 16th, 2026]
Europeans to test Trump on Iran deal risks, urge Ukraine rethink at G7 - Reuters - June 16th, 2026 [June 16th, 2026]
This Is Not Just Ukraine: The Global Danger of Normalising Russias Occupation Crimes - Global Issues.org - June 16th, 2026 [June 16th, 2026]
The World According to Putin: No Deal on Ukraine in Sight - Carnegie Endowment for International Peace - June 16th, 2026 [June 16th, 2026]
Russia is losing the war in Ukraine, and Putin is desperate. But thats when hes at his most dangerous | Simon Tisdall - The Guardian - June 16th, 2026 [June 16th, 2026]
G7 leaders open summit talks on Ukraine and the Middle East as Zelenskyy joins in France - AP News - June 16th, 2026 [June 16th, 2026]
The Latest: G7 to focus on Ukraine and Iran on first full day of meetings - AP News - June 16th, 2026 [June 16th, 2026]
Ukraine's Zelenskiy says he offered to meet Putin at G7 or the U.S. - Reuters - June 16th, 2026 [June 16th, 2026]
Ukraine starts EU membership talks and faces years of reforms while fighting Russia - AP News - June 16th, 2026 [June 16th, 2026]
Zelensky meets with G7 leaders behind closed doors to discuss the war in Ukraine - New York Post - June 16th, 2026 [June 16th, 2026]
Britain to supply Ukraine with more nuclear fuel - The Telegraph - June 16th, 2026 [June 16th, 2026]
G7 Leaders Open Summit Talks on Ukraine and the Middle East as Zelenskyy Joins in France - Asharq Al-Awsat English - June 16th, 2026 [June 16th, 2026]
Russian central bank chief who threatened to quit over Ukraine war not seen in public for three weeks - The Independent - June 16th, 2026 [June 16th, 2026]
The War in Ukraine Has Now Gone On Longer Than World War I - The New York Times - June 12th, 2026 [June 12th, 2026]
Ukraine has taught the world how to kill again - The Telegraph - June 12th, 2026 [June 12th, 2026]
NATO is learning from Ukraine that a lot of good-enough weapons today beat a few perfect ones that come too late - Business Insider - June 12th, 2026 [June 12th, 2026]
Ukraine is transplanting its industrial heart to the west - The Economist - June 12th, 2026 [June 12th, 2026]
Ukraine, Iran, and the strains on Russian and American power - Brookings - June 12th, 2026 [June 12th, 2026]
World chess body suspends Russia over activities in occupied-Ukraine - Al Jazeera - June 12th, 2026 [June 12th, 2026]
Ukraine Is Not Losing. Russia Is Not Winning. - The Atlantic - June 12th, 2026 [June 12th, 2026]
Everyone can know what is happening in Ukraine, but to feel it? - Vogue - June 12th, 2026 [June 12th, 2026]
Iran and Ukraine loom over G7 as France accommodates Trump - Reuters - June 12th, 2026 [June 12th, 2026]
Ukraine hits fuel supplies to Crimea, sparking a fuel crisis on the Russian-held peninsula - AP News - June 12th, 2026 [June 12th, 2026]
Ukraine war has lasted longer than WWI as bloodshed reaches grim milestone with no end in sight - New York Post - June 12th, 2026 [June 12th, 2026]
Dominique de Villepin on Iran, Ukraine and the stakes of the G7 summit - CNN - June 12th, 2026 [June 12th, 2026]
Has Russia given up on Kinburn Spit, its westernmost foothold in Ukraine? - France 24 - June 12th, 2026 [June 12th, 2026]
War Has Isolated Communities Across Ukraine. Mobile Clinics Are Reaching Them. - Project HOPE - June 12th, 2026 [June 12th, 2026]
Poland Demands Full Reimbursement for Ukraine Weapon Aid What Happened? - Kyiv Post - June 12th, 2026 [June 12th, 2026]
Ukraine war now longer than the first world war the similarities are unsettling - The Conversation - June 12th, 2026 [June 12th, 2026]
Ukraines Third Army Corps Says It Halted Russian Advances While Reinventing How Ukraine Fights - Kyiv Post - June 12th, 2026 [June 12th, 2026]
Ukraine war latest: Russia's oil output falls to one-year low amid Ukrainian strikes - The Kyiv Independent - June 12th, 2026 [June 12th, 2026]
Russia's war on Ukraine: the new, the old, and the immutable - The Kyiv Independent - June 12th, 2026 [June 12th, 2026]
Putin rejects Zelenskyys offer to meet and reaffirms Ukraine war aims - The Guardian - June 12th, 2026 [June 12th, 2026]
More than half of Poles view Ukraine more negatively due to military unit name controversy, poll shows - The Kyiv Independent - June 12th, 2026 [June 12th, 2026]
Putin says there is 'no point' meeting Zelensky over ending Ukraine war - BBC - June 12th, 2026 [June 12th, 2026]
Trump Hits the Stalemate Phase of His Interventions in Gaza, Ukraine and Now Iran - The New York Times - June 1st, 2026 [June 1st, 2026]
Ukraine hits Russian energy targets and denies striking Kremlin-occupied nuclear plant - Dallas News - June 1st, 2026 [June 1st, 2026]
Ukraine turns real-life kills into video game thrills for drone pilots - The Washington Post - June 1st, 2026 [June 1st, 2026]
Robots are redefining the war in Ukraine and forcing Russia onto the back foot - CNN - June 1st, 2026 [June 1st, 2026]
Ukraine war briefing: Kyiv denies its drone hit Zaporizhzhia nuclear plant - The Guardian - June 1st, 2026 [June 1st, 2026]
Ukraine's Zelenskiy seeks progress on peace talks before winter - Reuters - June 1st, 2026 [June 1st, 2026]
Lukashenko says Belarus has 'major' target in Ukraine in its sights - The Kyiv Independent - June 1st, 2026 [June 1st, 2026]
How Ukraine turned the tide against Russia - The Hill - June 1st, 2026 [June 1st, 2026]
Ukraine using AI drones to strike vital convoys supplying Russian troops - BBC - June 1st, 2026 [June 1st, 2026]
What If Putin Uses a Tactical Nuke in Ukraine? - Eyes Only with Wes O'Donnell - June 1st, 2026 [June 1st, 2026]
Concerns mount that Belarus could be a launchpad for a new Russian offensive in Ukraine - AP News - June 1st, 2026 [June 1st, 2026]
Ukraine hits pipeline, refinery and fuel depot in overnight strikes on Russia - The Japan Times - June 1st, 2026 [June 1st, 2026]
Ukraine Has Gained the Upper Hand Over Russia - Newsweek - June 1st, 2026 [June 1st, 2026]
Operation Jailbreak uses lessons from Ukraine to help weapons talk to each other - Financial Times - June 1st, 2026 [June 1st, 2026]
Ukraine hits Russian energy targets and denies striking Kremlin-occupied nuclear plant - TelegraphHerald.com - June 1st, 2026 [June 1st, 2026]
Ukraine has a war lesson for NATO forces: Drone units need to be constantly on the move with command centers buried deep - Business Insider - June 1st, 2026 [June 1st, 2026]
Ukraine hits Russian energy targets and denies striking Kremlin-occupied nuclear plant - AP News - June 1st, 2026 [June 1st, 2026]
Can the EU find a Russia whisperer to mediate an end to the war in Ukraine? - BBC - June 1st, 2026 [June 1st, 2026]
Ukraine hits Russian energy targets and denies striking Kremlin-occupied nuclear plant - Carolina Coast Online - June 1st, 2026 [June 1st, 2026]
Why Ukraine Proposes a Joint Historical Commission With Israel - The Times of Israel - June 1st, 2026 [June 1st, 2026]
Ukraine has limited window for negotiations with Russia, Zelensky says - The Kyiv Independent - June 1st, 2026 [June 1st, 2026]
President of Ukraine on ongoing war with Russia - kyma.com - June 1st, 2026 [June 1st, 2026]
Putin's cabal must be brought to trial for crimes in Ukraine. With this plan, the world can do that | Gordon Brown - The Guardian - June 1st, 2026 [June 1st, 2026]
Highway to Hell: Ukraine's Logistics Lockdown, Taiwans Littoral Command and Chinas Evolving Nuclear Capability. The Big Five, 31 May edition. - Futura... - June 1st, 2026 [June 1st, 2026]
Lukashenko Threatens Ukraine With Strike on One Very Serious Target - UNITED24 Media - June 1st, 2026 [June 1st, 2026]
Poland vs. Ukraine Lineups, Score, Live Streams, TV Channels, How and Where to Watch - Athlon Sports - June 1st, 2026 [June 1st, 2026]
Ukraine: A security community instead of an associate membership waiting game - Table.Briefings - June 1st, 2026 [June 1st, 2026]
Angela Merkel wont be negotiating with Putin but the rumour reflects a truth about the Ukraine war | Nathalie Tocci - The Guardian - May 25th, 2026 [May 25th, 2026]
Russia pounds Kyiv in powerful drone and missile attack - NPR - May 25th, 2026 [May 25th, 2026]
In Ukraine, a Divisive 20th-Century Hero Comes Home - The New York Times - May 25th, 2026 [May 25th, 2026]
How Ukraine Found the Cards To Win, Without Help From the U.S. - Time Magazine - May 25th, 2026 [May 25th, 2026]
I go out to shout at Russia: the mental health crisis haunting Ukraine - The Times - May 25th, 2026 [May 25th, 2026]
How the War in Iran Helped Ukraine Go From Problem to Solution - WSJ - May 25th, 2026 [May 25th, 2026]
At least 2 dead, 83 wounded after Russia uses nuclear-capable missile in massive attack on Ukraine - CBS News - May 25th, 2026 [May 25th, 2026]

April 19th, 2023

No comments yet

Comments are closed.

Mediaboss Marketing

Russia’s digital warriors adapt to support the war effort in Ukraine … – CyberScoop

About

Pages

Categories

Media Sites

Recommended Sites

Archives