Last Updated on 04/03/2022 by Nidhi Khandelwal
Details of a new nation-state-sponsored phishing campaign targeting European government entities have been revealed, with the goal of gathering intelligence on refugee and supply flow in the region.
The social engineering attacks were named “Asylum Ambuscade” by enterprise security firm Proofpoint, which first spotted the malicious emails on February 24, 2022.
Researchers Michael Raggi and Zydeco Cass said in a paper published Tuesday that the email included a malicious macro attachment that used social engineering themes relevant to the NATO Security Council’s Emergency Meeting on February 23, 2022.
“The email also included a malicious attachment that attempted to download harmful Lua malware known as SunSeed, which was aimed at European government officials in charge of transportation and people mobility.”
The findings support an alert issued last week by Ukraine’s State Service of Special Communication and Information Protection (DSSZZI), which warned of phishing emails with ZIP file attachments aimed at its military members with the intention of stealing sensitive personal information.
Proofpoint did not connect the newly discovered campaign to a specific threat actor, but highlighted that the timing of the two sets of attacks, the phishing lures used, and the victimology patterns match those of UNC1151 (aka TA445 or Ghostwriter), a Belarusian nation-state group.