ESET Research recently revealed Operation Texonto, a disinformation/psychological operations (PSYOPs) campaign that uses spam email as its primary method of message distribution. In messages sent in two waves, threat actors close to Russia sought to influence and demoralize Ukrainian citizens with disinformation on war-related issues.
The first wave was sent in November 2023 and the second in late December 2023. The messages concerned problems related to heating and shortages of medicine and food, which are typical themes of Russian propaganda.
In addition, in October and November 2023, ESET identified two spearphishing campaigns targeting a Ukrainian defense company and an agency of the European Union, carried out using fake Microsoft login pages. The goal of both campaigns was to steal credentials for Microsoft Office 365 accounts. Because of the similarities in the network infrastructure used in the PSYOP and phishing operations, ESET Research can say with great certainty that they are related to each other.
"Since the start of the war in Ukraine, hacker groups close to Russia, such as Sandworm, have engaged in the destruction of Ukrainian IT infrastructure using wipers. In recent months, we have seen an upsurge in cyber espionage operations, notably by the notorious group Gamaredon. Operation Texonto shows yet another use of technologies to influence the war," says ESET researcher Matthieu Faou, who discovered Operation Texonto.
"The strange mixture of espionage, intelligence operations and fake messages cannot help but remind us of the well-known cyber-espionage group Callisto, close to Russia; some members of the group were indicted by the US Department of Justice in December 2023. Callisto focuses its attacks on government officials, think-tank staff and organizations related to the armed forces via spearphishing websites designed to mimic known cloud providers.
The group has also carried out disinformation operations, such as leaking documents just before the 2019 UK general election. Finally, the exploitation of its old network infrastructure leads to fake websites of pharmaceutical companies," Faou continues. He concludes: "While there are several similarities between Operation Texonto and Callisto's operations, we have not found any technical overlap and are currently not attributing Operation Texonto to a specific threat actor. But given the TTPs, the targeting and the dissemination of the messages, we attribute the operation with great certainty to a group close to Russia."
An email server operated by the attackers and used to send the PSYOP emails was reused two weeks later to send spam for pharmaceutical products.
This class of illegal business has long been very popular in the Russian cybercrime community. ESET also identified domain names that are part of Operation Texonto and deal with internal Russian issues, such as Alexei Navalny, the well-known Russian opposition leader who was imprisoned and died on February 16. This suggests that Operation Texonto probably also includes spearphishing or disinformation operations targeting Russian dissidents and supporters of the late opposition leader.
The goal of the first wave of disinformation emails was to sow doubt in the minds of Ukrainians. For example, an email says: “There may be heating outages this winter”.
Other messages, purporting to come from the Ministry of Health of Ukraine, mention drug shortages. There didn't seem to be any malicious links or malware in this particular wave, just misinformation.
A domain impersonating the Ministry of Agrarian Policy and Food of Ukraine recommended replacing drugs with herbs. In yet another email "from" the Ministry, the senders suggest eating "pigeon with rice". These documents were deliberately created to irritate and discourage readers. Overall, these fake messages align with common themes of Russian propaganda: they try to make the Ukrainian people believe that they will not have medicine, food or heating because of the Russia-Ukraine war.
About a month after the first wave, ESET detected a second PSYOPs email campaign that targeted not only Ukrainians but also people in other European countries. According to ESET telemetry, a few hundred people received emails in this wave. The second wave contained "darker" messages, with the attackers suggesting that people amputate a leg or an arm to avoid conscription. Overall, it has all the hallmarks of wartime psychological operations.
Operation Texonto timeline