Ukraine’s Computer Emergency Response Team (CERT-UA) warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information.
The agency cautioned that the emails arrive with the subject line “Увага” (meaning “Attention”) and claim to be from a domestic email service called Ukr.net, when in actuality, the email address of the sender is “muthuprakash.b@tvsrubber[.]com.”
The messages purportedly warn the recipients of an unauthorized attempt to log in to their accounts from an IP address based out of the eastern Ukrainian city of Donetsk, further prompting them to click on a link to change their passwords with immediate effect.
“After following the link and entering the password, it gets to the attackers,” CERT-UA noted in a Facebook post over the weekend. “In this way, they gain access to the email inboxes of Ukrainian citizens.”
Interestingly, TVS Rubber is an automotive company based out of the Indian city of Madurai, suggesting that attacks leveraged an already compromised email account to distribute the phishing emails.
images from Hacker News