In a report by Proofpoint company, which specializes in security issues, this group is called TA473. Other companies follow it under the name Winter Vivern. It uses constant intelligence and extensive research to be sure. scripts steal usernames, passwords and other sensitive login credentials on every public mail portal targeted by the attack.

what is known

The researchers say the hackers “targeted US and European officials, as well as military and diplomatic personnel in Europe.”

Since late 2022, TA473 has spent significant time inspecting the mail portals of European government agencies and scanning public infrastructure for vulnerabilities, eventually gaining access to the emails of those closely associated with government affairs and the Russia-Ukraine war.
Says Michael Ruggie, Proofpoint threat researcher.

Ruggie refused to name the targets, saying they only included elected US officials and federal government-level employees, as well as European organizations. “In several cases, among both American and European organizations, those targeted by these phishing campaigns are active supporters of Ukraine in the Russia-Ukraine war and/or participate in initiatives related to supporting Ukraine in the international arena.”.

These attacks use legacy vulnerability CVE-2022-27926, which was patched last March. However, not all servers have installed this update and are therefore vulnerable to attacks.