Charities, aid organizations in Ukraine attacked with malware

Charities and non-governmental organizations (NGOs) providing aid in Ukraine have been the target of malware attacks aimed at disrupting their operations and relief efforts to help those affected by the Russian war.

Amazon did not name the organizations targeted by these attacks in a blog post published Friday.

“While we are seeing an increase in the activity of malicious state actors, we are also seeing a higher operational rate by other malicious actors,” Amazon said.

“We have seen several situations where malware has specifically targeted charities, NGOs and other aid organizations to create confusion and cause disruption.

“In these particularly severe cases, malware is aimed at disrupting medical supplies, food and clothing assistance.”

The company said it is working with the employees of multiple NGOs, charities and aid organizations to provide humanitarian aid in Ukraine, including UNICEF, UNHCR, the World Food Programme, the Red Cross, Polska Akcja Humanitarna and Save the Children.

Phishing attacks on European refugee helpers

Proofpoint researchers saw similar activity and observed spear-phishing attacks targeting European government personnel involved in logistical support for Ukrainian refugees.

Emails sent during the attacks delivered malicious macro attachments that would download a Lua-based malware called SunSeed, which is used to deliver additional payloads to compromised devices.

The campaign, tracked as Asylum Ambuscade, targeted only NATO entities using the compromised email account of a Ukrainian army member.

Based on its infection chain, the campaign matches, and is likely related to, the July 2021 phishing attacks associated with the Belarusian threat group Ghostwriter (aka TA445 or UNC1151).

Facebook and Ukraine’s Computer Emergency Response Team (CERT-UA) also warned of Ghostwriter phishing campaigns against Ukrainian officials and military personnel.

Before the Russian invasion, the Ukrainian Security Service (SSU) said the country was hit by a “massive wave of hybrid warfare”.

This deluge of attacks included DDoS attacks on Ukrainian government agencies and state banks, phishing attacks targeting the Ukrainian military, as well as multiple series of destructive malware attacks. [1, 2]

Update: Made it clearer that Amazon has not named any of the targeted organizations.
