Russian-Linked Cyber Blitz Targets Ukraine: Spam Disinformation & Phishing Uncovered

Spam’s not just for breakfast anymore! Russian-aligned cyber pranksters are serving up a hot dish of disinformation via email in Ukraine, with a side of credential phishing. Mmm, tastes like cyber chaos! #OperationTexonto

Hot Take:

Well, if you ever wanted a crash course in Cyber-Deception 101, Russia’s got you covered with “Operation Texonto.” From spamming about non-existent crises to phishing for Microsoft creds with the subtlety of a bear in a china shop, these guys are throwing the cyber equivalent of spaghetti at the wall and seeing what sticks. And the kicker? They’re now in the pharma spam biz. Because, you know, when your disinformation campaign’s cover is blown, why not sell some fake Viagra on the side?

Key Points:

  • Operation Texonto, a disinformation plus credential-harvesting cyber combo meal, is the latest in Russia’s digital influence playbook.
  • Emails sent to hundreds in Ukraine, masquerading as local ministries, were about as subtle as a sledgehammer at a glassblowing contest.
  • The campaign’s phishing arm, known for its love of fake login pages, is likely part of the COLDRIVER ensemble—credential thieves with a penchant for drama.
  • As if spreading holiday fear wasn’t enough, the operation also dabbled in dark humor, suggesting Ukrainians self-amputate to dodge military service.
  • After the phishing jig was up, the operation pivoted to promoting a Canadian pharmacy scam—because nothing says “trustworthy” like a sudden career change.

Need to know more?

Spamming with a Side of Desperation

Imagine waking up to an email from what you think is a government agency, telling you to chop off a limb for a "happy life" to escape military service. That's the kind of twisted holiday greeting Ukrainians got from Operation Texonto. It's like the Grinch decided to go into cyber warfare, except he's less green and more... Kremlin.

Phishing in the Wrong Pond

These digital desperados tried to bait their hooks with Microsoft login pages, but instead of a big catch, they snagged the watchful eyes of cybersecurity pros. ESET caught them red-handed, or should we say, red-phished? The operation's phishing attempts might have had some overlap with COLDRIVER, a group with a history of credential theft that's as rich as caviar but nowhere near as sophisticated.

Disinfo Disasters and Holiday Horrors

The first wave of the disinformation campaign was all about heating, drugs, and food shortages—a classic tactic to chill spines during the Ukrainian winter. But the second wave, sent on Christmas, had a more sinister tone. It's like telling kids Santa's bringing coal, but instead of stockings, it's your email inbox.

From Cyber Menace to Spammy Pharmacist

After their cover was blown, the threat actors behind this campaign did what any good criminal enterprise would do—they pivoted to a new scam. Enter the fake Canadian pharmacy spam. Because when your geopolitical meddling falters, why not sell counterfeit meds? It's the cybercrime circle of life.

The Social Media Silent Treatment

Meanwhile, Russian state media's online clout has taken a nosedive, with a whopping 94% drop in engagement. It seems like their pivot to "non-political infotainment" isn't quite the hit they hoped for. Maybe the Internet's just not that into them anymore—or maybe it's just hard to compete with cat videos and TikTok dances.
Tags: Coordinated Inauthentic Behavior (CIB), Disinformation campaign, influence operations, Russian Threat Actors, Spear-phishing attacks, War Propaganda