Russian hackers recently tried to break into NATO cyber networks, according to a Google report. They also tried to access data from the Alliance’s Center of Excellence and the computers of defense ministries in several allied countries in Eastern Europe, according to the report of the Google Threat Analysis Group.
Analysts did not specify which countries were targeted, but said that these attempts were made using newly created Gmail accounts. Their success rate is unknown.
The cyberattacks were launched by a group of hackers in Russia called Coldriver or Callisto.
Russia, which is under severe economic sanctions imposed by the West following the invasion of Ukraine, has repeatedly denied allegations that it has carried out cyber attacks on Western targets.
The authors of the report say that hackers have sent misleading messages from newly created accounts to accounts on other platforms, and the success rate of the campaign is unknown.
“We see malicious cyber activities every day. NATO Centers of Excellence work with the Alliance, but are not part of NATO as such. We are in touch with them on this issue,” NATO said in a statement.
Security alert: Russian IPs search for possible IT vulnerabilities in the Romanian energy sector
At the same time, US authorities recently notified the National Cyber Security Directorate (DNSC) about more than 100 IP addresses used in scanning / reconnaissance actions on the energy sector by cyber actors in the geographical area of the Russian Federation, DNSC officials told Hotnews.ro. Scanning / reconnaissance is the first step in launching a cyber attack.
The list of IP addresses from which cyber attacks and malware that could also affect Romania would be propagated, in the context of the Ukraine-Russia crisis, contains over 120 IP addresses, most of them from Russia, next to which the following type of attack is listed: “Reconnaissance of energy sector”.
On March 7, Rompetrol was the victim of a complex ransomware cyber attack in which a financial reward was demanded for unlocking the encrypted data. The company recently stated that ‘the company’s specific IT systems operations have been partially restored following a complex, ransomware cyber attack’, but did not specify at what cost it did so.