Russian Spear Phishing Campaigns Target NATO Entities

Researchers at Mandiant (part of Google Cloud) warn that Russian government threat actors continue to target NATO member countries with spear phishing attacks. APT29 in particular has been targeting the technology sector in order to launch supply chain attacks.

“Publicly attributed to the Russian Foreign Intelligence Services (SVR) by several governments, APT29 is heavily focused on diplomatic and political intelligence collection, principally targeting Europe and NATO member states,” the researchers write.

“APT29 has been involved in multiple high-profile breaches of technology firms that were designed to provide access to the public sector. In the past year, Mandiant has observed APT29 targeting technology companies and IT service providers in NATO member countries to facilitate third-party and software supply chain compromises of government and policy organizations. The actor is extremely adept in cloud environments and particularly focused on covering their tracks, making them hard to detect and track, and especially difficult to expel from compromised networks.”

The threat actor frequently launches targeted phishing attacks against NATO diplomatic entities.

“APT29 also has a long history of spear-phishing campaigns against NATO members with a focus on diplomatic entities,” Mandiant says. “The actor has successfully breached executive agencies across Europe and the U.S. on several occasions. We have also seen them actively targeting political parties in Germany as well as in the U.S. with the likely objective of collecting intelligence on future government policy.”

Mandiant also warns that a separate Russian threat actor dubbed “COLDRIVER” is conducting credential phishing campaigns against various individuals and organizations associated with NATO.

“COLDRIVER is a Russian cyber espionage actor that has been publicly linked to Russia's domestic intelligence agency, the Federal Security Service (FSB),” the researchers write.

“The actor regularly carries out credential phishing campaigns against high-profile individuals in non-governmental organizations (NGOs) as well as former intelligence and military officers.... COLDRIVER primarily targets NATO countries and shifted in 2022 to include the Ukrainian Government and organizations supporting the war in Ukraine. March 2022 also marked the first time COLDRIVER campaigns targeted the military of multiple European countries as well as a NATO Centre of Excellence.”

Additionally, senior U.S. intelligence officials have disclosed that the Russian government is once again attempting to influence the outcome of the U.S. presidential election, this time focusing on the 2024 race. While not explicitly naming Trump, they indicated that Russia's current activities, including covert social media operations and online propaganda campaigns, mirror their tactics from the 2020 and 2016 election cycles. This revelation is part of a broader landscape of foreign influence operations targeting the United States.

These disclosures underscore the ongoing and diverse threats of foreign interference in American democratic processes and highlight the need for heightened vigilance to safeguard the integrity of the U.S. government.


Google Cloud has the story.
