Know their tactics, follow the tips here, and do not let your generosity and sense of political righteousness run awry


Cybercriminals have been taking advantage of our anxiety and insecurities to deceive, defraud, and dupe from the early days of the pandemic to the ongoing Russia-Ukraine conflict.

Humans are the weakest link inside organizations, so social engineering attacks have been part of the cybercrime playbook for a long time.

The following are some of the ways cybercriminals have been using the Russia-Ukraine war to victimize people and harvest money and login credentials.

  • Vicious RATs
    One of the first campaigns to emerge leveraged the crisis as clickbait. These ‘malspam campaigns’ disguised spam as urgent emails on supply chain issues to lure targets into downloading the malware-as-a-service remote access trojan (RAT) Agent Tesla.

    RATs are insidious because they are capable of more than stealing and altering data. Agent Tesla can even compromise a device’s core functions once it has taken control. Most importantly, since victims are unaware of its presence, locating and removing it can be difficult. Agent Tesla in particular is known to mutate, making it even more of a danger to organizations both large and small.

  • Fake donation drives
    When the crisis (later to be confirmed as a war) erupted in late February, a wave of positive public sentiment turned towards Ukraine. As such, a flurry of sites emerged soliciting donations for Ukraine, and even the Ukrainian government requested donations in cryptocurrency on Twitter.

    Seeing this wave of support and concern, cybercriminals immediately pivoted to create fraudulent support campaigns.

  • Decentralized Anonymous Organizations (DAOs)
    Further complicating things was the emergence of DAOs leveraging a blockchain for transparency and record-keeping. Many such DAOs are legitimate, such as the UkraineDAO (LOVE) which raised over US$8m in a month for Ukraine.

    However, many fake DAOs have been uncovered: they look remarkably like valid relief campaign organizations but lack credible ties and are scams to pilfer cryptocurrency while benefiting from the anonymous and decentralized nature of crypto donations. Cybercriminals not only abscond with the donations, but can also steal personal information and credit card details, or even deliver malware.

Prevention is better than cure

While these cybercriminal campaigns exploit human weaknesses, other social engineering attacks may leverage fear or curiosity.

Whether on work or personal devices, individuals should be wary of opening unfamiliar or unsolicited emails, and should inspect unusual attachments before downloading and opening them.

At the corporate level, because over 90% of malware must touch DNS to enter or leave a network, using DNS security can help security pros accelerate threat hunting.
Harboring a healthy level of suspicion is always necessary when receiving unexpected mail or text messages, or when surfing the net. Organizations should also step up awareness training for employees to keep their networks, browsers, and devices malware-free.
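As an added illustration of the DNS threat-hunting point above (this is example code written for this article, not a tool the article describes), the script below scans a constructed DNS query log for the two patterns discussed: lookalike relief/donation domains that are not on a vetted allowlist, and algorithmically generated hostnames being looked up repeatedly by one host, the kind of beaconing a RAT produces. The log format, the allowlist, the keyword list, and the thresholds are all assumptions chosen for the example; a real deployment would feed it resolver logs and maintain the allowlist from verified charity domains.

```python
"""Hunt DNS query logs for lookalike donation domains and RAT-style beaconing."""
import math
import re
from collections import Counter

# Constructed sample resolver log (not real data). Format: time client qname qtype
SAMPLE_DNS_LOG = """\
2022-03-01T09:00:01 10.0.0.12 www.example.com A
2022-03-01T09:00:05 10.0.0.12 ukraine-relief.example A
2022-03-01T09:01:10 10.0.0.15 ukraine-relief-donate-now.example A
2022-03-01T09:01:11 10.0.0.15 help-ukraine-crypto.example A
2022-03-01T09:02:00 10.0.0.20 kx7qz9plm2vw.example A
2022-03-01T09:02:30 10.0.0.20 kx7qz9plm2vw.example A
2022-03-01T09:03:00 10.0.0.20 kx7qz9plm2vw.example A
2022-03-01T09:03:30 10.0.0.20 kx7qz9plm2vw.example A
2022-03-01T09:04:00 10.0.0.20 kx7qz9plm2vw.example A
2022-03-01T09:05:00 10.0.0.12 mail.example.com MX
"""

# Hypothetical allowlist of vetted relief domains an organisation would maintain.
VETTED_RELIEF_DOMAINS = {"ukraine-relief.example"}
# Keywords that crisis-themed lookalike domains tend to reuse (assumed list).
CRISIS_KEYWORDS = ("ukraine", "donate", "relief", "crypto")
# Repeated lookups of one suspicious name by one host within the log window.
BEACON_THRESHOLD = 5

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Split one log line into a record, or return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, qtype = m.groups()
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."), "qtype": qtype}


def registrable_domain(qname):
    """Naive registrable domain (last two labels); use a public-suffix list in production."""
    parts = qname.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def shannon_entropy(s):
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(label):
    """Heuristic for algorithmically generated labels: long, vowel-poor, high entropy."""
    if len(label) < 10:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return vowel_ratio < 0.2 and shannon_entropy(label) > 3.0


def classify(qname):
    """Return a reason string if the name is suspicious, else None."""
    domain = registrable_domain(qname)
    if domain in VETTED_RELIEF_DOMAINS:
        return None
    label = domain.split(".")[0]
    if any(k in label for k in CRISIS_KEYWORDS):
        return "lookalike-donation-domain"
    if looks_generated(label):
        return "dga-like-label"
    return None


def hunt(log_text):
    """Return de-duplicated (client, qname, reason) findings from a log."""
    findings = {}  # insertion-ordered set of finding tuples
    volume = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        volume[(rec["client"], rec["qname"])] += 1
        reason = classify(rec["qname"])
        if reason:
            findings[(rec["client"], rec["qname"], reason)] = None
    # Repeated lookups of an already-suspicious name point at beaconing malware.
    for (client, qname), n in volume.items():
        if n >= BEACON_THRESHOLD and classify(qname) is not None:
            findings[(client, qname, f"repeated-lookups:{n}")] = None
    return list(findings)


if __name__ == "__main__":
    for client, qname, reason in hunt(SAMPLE_DNS_LOG):
        print(f"{client:12} {qname:40} {reason}")
```

Running the script on the constructed log flags the two donation lookalikes from 10.0.0.15 and the generated-looking name that 10.0.0.20 resolves five times, while the vetted relief domain and ordinary corporate lookups pass. Tune the keyword list and thresholds to the environment, and treat each finding as a lead to verify against registration data and mail logs rather than a verdict.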

When it comes to donating, individuals should think twice before sharing sensitive payment information. Be on guard for potentially fraudulent payment services and redirects to unknown third-party websites.

The volatility of today’s geopolitics and the long-drawn pandemic have exposed vulnerabilities that cybercriminals are eager to exploit. Practicing good cyber hygiene will be key to mitigating the losses in this modern cat-and-mouse game.