Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google: Russian Phishing Attacks Target NATO, European Military

Google: Russian Phishing Attacks Target NATO, European Military

The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia’s war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks.

The report’s highlight are credential phishing attacks coordinated by a Russian-based threat group tracked as COLDRIVER against a NATO Centre of Excellence and Eastern European militaries.

The Russian hackers also targeted a Ukrainian defense contractor and several US-based non-governmental organizations (NGOs) and think tanks.

“Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links,” Google TAG Security Engineer Billy Leonard said.

Also Read: Is it Illegal to Email Someone Without Their Permission?

As the Google threat analysts also observed, Curious Gorge, a hacking group linked to China’s PLA SSF (People’s Liberation Army Strategic Support Force), targeted government and military organizations from Ukraine, Russia, Kazakhstan, and Mongolia.

Ghostwriter, a Belarusian-backed threat actor, was seen using a relatively new phishing technique known as Browser in the Browser (BitB) phishing, publicly disclosed in mid-March and also adopted by other government-sponsored APTs.

The Belarusian state hackers’ credential phishing campaigns have previously targeted Ukrainian officials and military personnel [12] and European refugee aid officials.

“Financially motivated and criminal actors are also using current events as a means for targeting users. For example, one actor is impersonating military personnel to extort money for rescuing relatives in Ukraine,” Leonard added.

“TAG has also continued to observe multiple ransomware brokers continuing to operate in a business as usual sense.”

Ghostwriter phishing landing page sample
Ghostwriter phishing landing page (Google TAG)

Previous malicious activity against Ukraine and other countries

Today’s report follows another one Google TAG published regarding malicious activity linked to the Russian war in Ukraine from early March that exposed Russian, Chinese, and Belarus state hackers’ efforts to compromise Ukrainian and European organizations and officials.

Google also revealed this month that it warned Gmail users affiliated with the US government they were targeted in phishing attacks coordinated by the Chinese-backed APT31 hacking group.

Also Read: Top 11 Ultimate Cold Calling Guidelines To Boost Your Sales

As we previously reported, this flood of attacks has also included distributed denial-of-service (DDoS) attacks targeting the Ukrainian government and state-owned banks, as well as multiple campaigns of destructive malware attacks [12].

“DDoS attempts against numerous Ukraine sites, including the Ministry of Foreign Affairs, Ministry of Internal Affairs, as well as services like Liveuamap that are designed to help people find information” were also observed by Google since the start of the Russian war in Ukraine.

Google expanded eligibility for Project Shield, its free DDoS protection service to help the Ukrainian government, embassies worldwide, and other governments keep their websites online.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us