Ukrainian authorities arrested a $100 million phishing attack

The Ukrainian Cyber Police made public last week that they had apprehended nine members of a criminal gang that had stolen one hundred million hryvnias through hundreds of phishing websites that falsely claimed to offer financial assistance to Ukrainian citizens as part of a scheme to capitalize on the ongoing conflict in Ukraine.

Last week, the government agency issued a press statement in which it stated that "criminals created more than 400 phishing links" in order to steal the bank card information of citizens and steal money from their accounts. "The perpetrators could spend as much as 15 years in prison," the judge said.

The culmination of the law enforcement operation was the seizure of computer equipment, mobile phones, bank cards, and the illegal proceeds that were obtained through the scheme.

The bad actors registered a number of rogue domains, some of which are listed below: ross0.yolasite[.]com, foundationua[.]com, ua-compensation[.]buzz, www.bless12[.]store, help-compensation[.]xyz, newsukraine10.yolasite[.]com, euro24dopomoga0.yolasite[.]com, and others.

Underscoring the opportunistic nature of the social engineering attack is the fact that the rogue landing pages, which were designed to steal people's banking information, operate under the guise of surveys designed to fill out an application for payment of financial assistance from E.U. countries. These surveys were designed to fill out an application for payment of financial assistance from E.U. countries.

Once the threat actors had obtained the bank details, they logged into the accounts without authorization and fraudulently stole more than 100 million hryvnas, which is equivalent to $3.37 million U.S. dollars, from over 5,000 citizens.

The distribution vector that was used to spread the links is not immediately clear; however, it is possible that it was accomplished through a variety of methods including spam emails, direct messages on social media apps, SEO poisoning, or seemingly benign advertisements.

Citizens have also been cautioned by the agency to "obtain information about financial payments only from official sources, to refrain from clicking on questionable links, and under no circumstances to communicate confidential information, particularly banking information, to third parties or to indicate such data on suspicious resources."