Security Concerns Rise with Phishing Campaigns Targeting Users
Full Transcript
The Russian state-sponsored threat actor APT28 has been linked to a sustained credential-harvesting phishing campaign targeting users of UKR.net, a popular Ukrainian webmail service. This campaign, observed by Recorded Future's Insikt Group from June 2024 to April 2025, employs UKR.net-themed login pages embedded in phishing emails that use shortened links. The attackers have transitioned from using compromised routers to anonymized tunneling services to capture stolen credentials.
Meanwhile, a different threat actor associated with Operation ForumTroll has launched phishing attacks targeting Russian scholars in political science and economics, exploiting a zero-day vulnerability in Google Chrome to deliver malware. These emails masquerade as communications from a legitimate Russian electronic library, aiming to entice recipients into downloading malicious files.
The sophistication of these campaigns underscores a growing need for robust cybersecurity measures in the face of evolving digital threats.