Also the structures that work together with NATO have ended up in the crosshairs of Russian hackers: reveals a TAG report (Thread Analysis Group) of Google. It is not known if the attempts have been successful, but it is certain that there have been in the course of last two weeks. The group held responsible was identified in Coldriveralso known as Calisto.
The hacker collective has launched phishing campaigns against US-based non-governmental organizations, soldiers from an unspecified Balkan country and defense contractor based in Ukraine. For the first timeHowever, the Google TAG noted an activity of the group aimed at the military corps of many Eastern European countries and at a NATO Center of Excellence.
The phishing campaigns were carried out using new Gmail accounts to send fraudulent emails to non-Google accounts, for this reason the TAG is unable to determine what the success rate of the attacks was. However, Google points out that it has not noticed any compromised Gmail accounts as part of these campaigns.
The news cannot go unnoticed in the context of the Russian-Ukrainian conflict against the backdrop of the increasingly tense relations between Russia and the countries of the Atlantic Alliance.
However, it is NATO itself that provides the data to give due weight to Coldriver’s actions: first of all with the clarification that “NATO’s Centers of Excellence work together with the Alliance but are not part of NATO as such“, then adding that he is in contact with the structure to investigate the problem, and finally remembering that attack attempts occur on a daily basis (nothing exceptional, unfortunately).
Attention to Coldriver / Calisto remains high, also because it is an old acquaintance: in 2019 the F-Secure researchers had described it as a subject interested in acquiring information on foreign and security policy in Europe. The moves of Russian hackers in the current geopolitical scenario are not underestimated even by the United States which is developing further defense systems.