I am not sorry for wasting your time. Lessons to learn from Texonto PSYCOP targeting Ukraine


Since the invasion started, ESET have prevented and investigated a significant number of attacks launched by Russia-aligned groups against Ukraine.

In 1998, one of the most annoying things employees faced on a daily basis officially made it into the New Oxford Dictionary of English. Until then, the word “spam” was used mostly for processed canned meat produced by Hormel Foods Corporation.

“It's sort of unfortunate that we've gotten this far,” John Mozena, then a board member of the U.S.-based Coalition Against Unsolicited Commercial Email, commented on the news at the time. And that was only the beginning. More than 20 years later, spam messages accounted for over 45 percent of the 333 billion e-mails sent and received daily around the world in 2022.

However, the latest ESET research about Operation Texonto targeting Ukrainian citizens with a combination of spam and phishing messages reminds us that spam is not only pushing employees’ buttons, but can serve as a vehicle for disinformation, psychological operations, and data stealing attempts against businesses and institutions.

These cyber incidents may look simple, but just the sheer volume of unsolicited emails coming in on a daily basis can be so overwhelming that the situation begs for a professional solution. Especially now as businesses are moving to the cloud.

After the full-scale war erupted in Ukraine two years ago, all critical institutions and operators of critical infrastructure in Ukraine were offered a free upgrade to ESET's highest-grade solution. When it comes to spam and phishing, for example, ESET Cloud Office Security (ECOS) covers it all with advanced protection for Microsoft 365 and Google Workspace applications.

Constant pressure

Spam, as the term for describing unsolicited emails, comes from a 1970 TV show, Monty Python, showing a couple trying to order food in a café, but every course contains spam meat. To make things even more irritating, a bunch of Vikings sitting beside the couple are also passionately singing about spam. The word “spam” is uttered at least 132 times.

While the Monty Python group were clearly trying to mock annoying aspects that feature in people’s lives, their “spam” number is no match for the number of today’s spam emails. We are talking about a staggering figure: almost 150 billion unsolicited emails sent and received daily. Well, that’s annoying, right?

With this influx of emails, it is no surprise that 2022 data shows that up to 80 hours of an employee’s year is taken up with just filtering through spam messages.

Moreover, this problem is not only about getting rid of unwanted emails, but also about avoiding being caught on the hooks of phishing attacks - the most common type of cyberthreat.

According to the government’s latest survey in the United Kingdom, one third of businesses identified a data breach during 2022, and 79 percent of those attacks were phishing. Similarly, in the US, the FBI received more than 300,000 phishing complaints in 2022, putting phishing at the top of the Bureau’s cybercrime victim list. To compare, a personal data breach was the second most reported cybercrime with almost 59,000 victims.

ESET Telemetry also confirms the trend. According to the latest ESET H2 2023 Threat Report, spam has increased by 6 percent, and the malicious HTML files sending victims to phishing websites (HTML/Phishing.Agent trojan) are still by far the most detected email threat. Overall, these email attacks make up almost a quarter (23.4%) of all cyber threats detected by ESET.

Lessons from Ukraine

Operation Texonto in Ukraine shows what a campaign combining spam emails and phishing may look like.

At the end of 2023, Russia-aligned threat actors tried to demoralise Ukrainian citizens with two waves of spam emails. Additionally, ESET detected a spear phishing campaign conducted by the same group and within the same time period.

Employees working at a major Ukrainian defence company received a phishing email in October 2023, purportedly coming from their IT department.

It was an old-fashioned but still popular phishing message claiming that the employee’s email account was about to expire and that they needed to enter their login details on a given website to keep the account alive. The attached link sent victims to a phishing website posing as a legitimate Microsoft login page to steal credentials for Microsoft Office 365 accounts.

To deal with such threats, companies need not only employee awareness training, but also reliable anti-spam and anti-phishing protection.

Mitigating the threat

If you want to know more about how to spot phishing attacks, you can check this blog. But when it comes to protection against phishing attacks, we can look at the technical solutions implemented in ESET Cloud Office Security (ECOS). These solutions consecutively won spam filtering tests by Virus Bulletin, a leading security testing authority, and received the VBSpam+ certification for several years.

The ECOS Anti-Spam engine has high catch rates and, being a cloud-based service, allows for prompt data updates that result in a quicker reaction time when new spam emerges. This essential component filters all spam emails and keeps user mailboxes free of unsolicited or undesired messages.

ECOS Anti-Phishing prevents users from accessing web pages that are known to be phishing sites. Because phishing emails often contain links leading victims to phishing webpages, ECOS searches the message body and the subject of incoming email messages to identify such links (URLs). The links are compared against the phishing database, which is constantly updated. 
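The link check described above can be sketched as follows. This is an added example, not ESET's code: the database entry, the sample message, and the choices to match parent domains and to read the `href` target rather than the visible link text are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

PHISHING_HOSTS = {"login-portal.example"}  # constructed stand-in for a phishing database
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

class HrefCollector(HTMLParser):
    """Collects <a href> targets, which may differ from the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if tag == "a" and k == "href" and v]

def extract_urls(raw_message):
    """Return every URL found in the subject and in each text/* body part."""
    msg = message_from_string(raw_message, policy=policy.default)
    urls = set(URL_RE.findall(msg.get("Subject", "")))
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = part.get_content()
            urls.update(URL_RE.findall(text))
            if part.get_content_subtype() == "html":
                collector = HrefCollector()
                collector.feed(text)
                urls.update(collector.hrefs)
    return urls

def is_listed(url):
    """True if the URL's host, or any parent domain of it, is in the database."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in PHISHING_HOSTS for i in range(len(labels)))

def phishing_links(raw_message):
    return sorted(u for u in extract_urls(raw_message) if is_listed(u))

# Constructed sample message, not taken from the campaign described above.
SAMPLE = """\
From: it-support@corp.example
Subject: Your mailbox is about to expire
Content-Type: text/html; charset="utf-8"

<p>Renew: <a href="https://Mail.Login-Portal.example:443/owa/">https://login.microsoft.example/</a></p>
"""
```

Calling `phishing_links(SAMPLE)` flags only the `href` target: the displayed Microsoft-looking address is not in the database, which is why the check has to look at where the link actually leads.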

Combining these powerful tools with anti-malware scanning, ultimate zero-day threat defence and an easy-to-use cloud management console, ECOS helps to protect a company’s communications, collaboration, and cloud.

How ESET helps 

ESET products and threat intelligence have been protecting Ukrainian IT infrastructure for years. Since the start of the full-scale war in February 2022, ESET have prevented and investigated a significant number of attacks launched by Russia-aligned groups such as HermeticWiper or Industroyer2.

As the leading endpoint protection platform vendor headquartered in the European Union, ESET also announced that it has stopped all sales to any individuals, businesses and organisations in Russia and Belarus.

On top of that, within the first year of invasion, the ESET Foundation donated 1,277,700 Euros for humanitarian relief in Ukraine.

Conclusion

When looking at spam and phishing data, it is clear that no one has come up with a definitive answer to these threats, but that doesn’t mean you should give up the fight - quite the opposite. You need professional protection to avoid getting overwhelmed by the tons of emails that soak up employees’ time and try to sneak dangerous phishing messages into corporate mailboxes.