February 22, 2024 at 02:49PM
Russian-linked threat actors carried out Operation Texonto, a multi-wave campaign targeting Ukraine. The operation involved PsyOps and spear-phishing to spread misinformation and steal Microsoft 365 credentials across Europe. It ran in two waves from October to December 2023. The tactics aimed to influence Ukrainian citizens and featured fake Microsoft login pages as well as disinformation emails.
Key takeaways:
– Russia-linked threat actors conducted a multi-wave campaign named Operation Texonto, employing both psychological operations (PsyOps) and spear-phishing. The campaign aimed to spread misinformation in Ukraine and steal Microsoft 365 credentials across Europe through diverse tactics and spam emails.
– Two distinct waves of the operation were identified, the first in October-November 2023 targeting a Ukrainian defense company and an EU agency, and the second in November-December 2023 focusing on disinformation related to heating interruptions, drug shortages, and food shortages targeted mainly at Ukraine.
– The campaign showed a combination of spear-phishing and disinformation, deviating from typical malicious activity, and moving away from common communication channels such as Telegram or fake websites.
– The first wave primarily involved a spear-phishing attack targeting Ukrainian defense company employees, while the second wave focused on spreading disinformation primarily in Ukraine and later expanded to other European countries.
– Researchers identified various malicious domains and recommended that organizations enable strong two-factor authentication to defend against spear-phishing attacks targeting Office 365. Additionally, a critical mindset and not trusting all information on the internet were highlighted as the best protection against disinformation.