The invasion of Ukraine triggers ‘phishing’ and changes the ransomware scene, which also targets Russia

The crisis between Russia and Ukraine has altered the cybersecurity threat landscape, with ransomware attacks targeting Russian actors, the rise of scams exploiting support for Ukraine, and the reemergence of malware like Emotet and Industroyer.

ESET researchers were alerted by the appearance of a new strain of Industroyer. The conflict with Russia has gathered momentum, with an incident affecting a power operator in early April. Industroyer was first spotted in 2016, when it was used to cut the power supply in Ukraine.

The return of Industroyer is mentioned in the latest threat report from cybersecurity software vendor ESET, which was released on Thursday and breaks down the top dangers reported in the first quarter of 2022.

Between Q3 2021 and Q1 2022, ESET telemetry showed a 41% decrease in remote desktop (RDP) attacks using brute-force techniques. These attacks aim to take control of a computer through the Windows RDP feature, which provides remote access.

The decrease in this sort of cyberattack comes after two years of steady growth. ESET researchers attribute the decrease to the crisis in Ukraine, as well as the return to workplaces following the rise of teleworking and increased awareness of this threat in IT departments.

Despite the drop, the ESET data showed that Russia was responsible for 60% of remote desktop attacks in the first quarter of this year.


ESET researchers also determined that Russia was the country that received the most ransomware attacks in the world, with 12 percent of the total. Ransomware restricts access to certain sections or files of an infected computer and demands a ransom for their release.

This differs from the information collected before the Ukraine crisis. According to ESET, hackers tended to avoid targets in Russia or the Commonwealth of Independent States, either because the criminals were based there or for fear of retaliation.

However, the situation has changed, according to the security firm's telemetry. Researchers have even discovered a ransomware variant that displays the Ukrainian national greeting ‘Slava Ukraini’ (‘Glory to Ukraine’) on the infected computer’s screen.

ESET researchers have noticed an upsurge in the number of amateur ransomware and wiper attacks since the Russian invasion. A wiper's goal is to infect a computer and wipe out all of the data on its hard drive.


The authors of these threats frequently express sympathy for one of the two parties and portray their acts as personal retaliation. This tendency, according to the researchers, is expected to persist and even accelerate in the coming months.


With the crisis, phishing attempts (those that spoof a legitimate source in order to deceive the recipient) and scams have multiplied, primarily targeting Ukrainian sympathizers. Using phony charities was one of the most common methods hackers used to take advantage of this support.

According to ESET telemetry, the phishing and fraud threat began on the same day as the Russian incursion, February 24. In particular, the company discovered a significant increase in war-related spam, which was more than double the normal levels seen earlier in the year.

In addition, the number of phishing links detected in March was three times higher than in the same period last year.


Despite the fact that the Emotet botnet, one of the most dangerous Trojans in the world, was shut down at the start of last year, its activity has picked up this year, and it has become one of the most notable dangers in the first quarter.

This threat, which was designed to seem like banking malware, spreads mostly through spam emails. In the first quarter of 2022, detections of Emotet increased by 113 percent compared to the third quarter of 2021.

The threat’s operators launched massive spam campaigns using Microsoft Word documents in March and April of this year. According to ESET analysts, the threat’s spread may be halted once Microsoft disables macros from the Internet by default in Office suite apps, which will happen with version 2203 of the suite.

Hackers have begun to use other channels, such as malicious files with the ‘.lnk’ extension (Windows shortcut files that give direct access to applications), which are sent to a smaller sample of victims. Even so, the technology company will be able to prevent the Trojan from spreading this way.

By Editor
