I am not sorry for wasting your time: Lessons to learn from Texonto PSYOPs targeting Ukraine

Roman Cuprik

Since the invasion started, ESET has both investigated and prevented a significant number of attacks launched by Russia-aligned groups against Ukraine.

In 1998, one of the most annoying things IT-equipped employees needed to deal with, SPAM, made it into the New Oxford Dictionary of English. Prior to 1998, the word “spam” only referenced a variety of processed canned meat produced by the Hormel Foods Corporation.

“It's sort of unfortunate that we've gotten this far,” John Mozena, then board member of the U.S.-based Coalition Against Unsolicited Commercial Email, commented in the news. And that was just the beginning. More than 20 years later, spam messages accounted for over 45 percent of 333 billion emails sent and received daily around the world in 2022.

The latest ESET research about Operation Texonto highlights a scheme targeting Ukrainian citizens with a combination of spam and phishing messages. This situation reminds us that spam not only frustrates employees, but can also serve as a vehicle for disinformation, psychological operations, and data theft attempts against businesses and institutions.

These cyber incidents may look simple, but the sheer volume of unsolicited emails arriving daily can be so overwhelming that the situation calls for a professional solution, especially now that businesses are moving to the cloud.

After the full-scale invasion of Ukraine two years ago, all critical institutions and operators of critical infrastructure in Ukraine were offered a free upgrade to ESET’s highest-grade solution. When it comes to spam and phishing, for example, ESET Cloud Office Security (ECOS) offers broad coverage with advanced protection for Microsoft 365 and Google Workspace applications.

Constant pressure

The use of spam as a popular term for unsolicited email comes from an episode of the 1970s TV show Monty Python’s Flying Circus. In one episode, a couple tries to order food in a cafe, but every course of the meal contains spam. To make things even more irritating, a group of Vikings sitting nearby are passionately singing about spam. The word “spam” is uttered at least 132 times.

While Monty Python was clearly trying to mock annoying things in people’s lives, their “spam” numbers were no match for the number of today’s spam emails. We are talking about a staggering 150 billion unsolicited emails sent and received daily. Well, that’s annoying, right? 

With this influx of emails, it is no surprise that 2022 data showed that up to 80 person-hours a year go in vain just filtering spam messages.

Moreover, this problem is not only about getting rid of unwanted emails but also avoiding being caught on the hooks of phishing attacks, the most common type of cyberthreat.

According to the latest government survey in the United Kingdom, one third of businesses identified a data breach in 2022, and 79 percent of those attacks were phishing. Similarly, in the US, the FBI received more than 300,000 phishing complaints in 2022, putting phishing at the top of the bureau’s cybercrime victim list. By comparison, personal data breach was the second most reported cybercrime with almost 59,000 victims.

ESET Telemetry confirms that trend. According to the latest ESET H2 2023 Threat Report, spam has increased by 6 percent and malicious HTML files sending victims to phishing websites (HTML/Phishing.Agent trojan) are still by far the most detected email threat. Overall, these email attacks comprise almost a quarter (23.4 percent) of all cyber threats detected by ESET.

Lessons from Ukraine

Operation Texonto in Ukraine shows what such a campaign combining spam emails and phishing can look like.

At the end of 2023, Russia-aligned threat actors tried to demoralize Ukrainian citizens with two waves of spam emails. Additionally, ESET detected a spear phishing campaign conducted by the same group and within the same time period.

Employees working at a major Ukrainian defense company received a phishing email in October 2023, purportedly coming from their IT department.

It was an old-fashioned but still popular phishing message claiming that the employee’s email account was about to expire and they needed to fill in their login details on a given website to keep the account alive. The attached link sent victims to a phishing website posing as a legitimate Microsoft login page, but in reality, trying to steal credentials for Microsoft Office 365 accounts.

To deal with such threats, companies need to not only focus on employee awareness training but also have reliable anti-spam and anti-phishing protection. 

Mitigating the threat

If you want to know more about spotting phishing attacks, you can check this blog, but let’s now focus on the technical solutions implemented in ESET Cloud Office Security, such as Antispam, which has consecutively won spam filtering tests by Virus Bulletin, a leading security testing authority, and received the VBSpam+ certification for several years.

The ECOS Antispam technology has high catch rates and, being a cloud-based service, allows for prompt data updates that provide quicker reaction times when new spam emerges. This essential component filters all spam emails and keeps user mailboxes free of unsolicited or undesired messages.

ECOS Anti-Phishing prevents users from accessing web pages that are known to be phishing sites. Because phishing emails often contain links leading victims to phishing webpages, ESET Cloud Office Security searches the message body and the subject of incoming email messages to identify such links (URLs). The links are compared against the phishing database, which is being constantly updated. 
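The subject-and-body link check described above can be illustrated in code. This is an added example, not ESET's implementation: the database entries, the sample message, and all function names are constructed for illustration, and the hosts use reserved example domains.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-in for a phishing database; real feeds are far larger.
PHISHING_DB = {"login-portal.example", "mail-renew.test"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample: an "account expiry" lure with one link in the subject
# and one entity-encoded href whose visible text shows a different site.
SAMPLE = """\
Subject: Mailbox expires today http://login-portal.example/renew
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Help desk: https://intranet.example.org/help
--b1
Content-Type: text/html; charset="utf-8"

<a href="https&#58;//account.Mail-Renew.TEST./owa">https://portal.example.org/</a>
--b1--
"""

class HrefCollector(HTMLParser):
    def handle_starttag(self, tag, attrs):
        # HTMLParser decodes entities, so href="https&#58;//..." is recovered.
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def is_listed(url, db=PHISHING_DB):
    # Match the host or any parent domain; hostname is lowercased by urlsplit.
    labels = (urlsplit(url).hostname or "").rstrip(".").split(".")
    return any(".".join(labels[i:]) in db for i in range(len(labels) - 1))

def extract_urls(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    urls = set(URL_RE.findall(msg["subject"] or ""))
    for part in (p for p in msg.walk() if p.get_content_maintype() == "text"):
        text = part.get_content()
        collector = HrefCollector()
        collector.hrefs = []
        collector.feed(text)
        urls.update(URL_RE.findall(text), filter(URL_RE.match, collector.hrefs))
    return urls

def scan(raw_message):
    return sorted(u for u in extract_urls(raw_message) if is_listed(u))
```

Scanning only the visible text of the HTML part would miss the second link, because the displayed URL and the encoded `href` target differ.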

Combining these powerful tools together with anti-malware scanning, ultimate zero-day threat defense, and an easy-to-use cloud management console, ECOS helps to protect companies’ communications, collaboration, and cloud applications.

Conclusion

When looking at spam and phishing data, it is clear that no one has come up with a definitive answer for these threats, but that doesn’t mean you should give up the fight. Quite the contrary. You need professional protection in order not to be overwhelmed by tons of emails both soaking up employees’ time and trying to sneak some phishing messages into corporate mailboxes. 

How ESET helps:

• ESET products and threat intelligence have been protecting Ukrainian IT infrastructure for years. Since the start of the full-scale war in February 2022, ESET has prevented and investigated a significant number of attacks, such as HermeticWiper and Industroyer2, launched by Russia-aligned groups.

• As the leading endpoint protection platform vendor headquartered in the European Union, ESET also announced that it has stopped all sales to any individuals, businesses, and organizations in Russia and Belarus.

• ESET offered critical institutions and operators of critical infrastructure in Ukraine a free upgrade to ESET’s highest-grade solution.

• Between March and May 2022, ESET automatically extended expiring licenses for consumers in Ukraine at no cost.

• On top of that, ESET Foundation has allocated 1,277,700 euros for humanitarian relief in Ukraine.