Researchers Uncover Two-staged Psyops Targeting Ukrainian Citizens


A cybersecurity research firm has uncovered a two-pronged, war-related cyber operation, comprising psyops and credential-stealing campaigns, targeting Ukrainian civilians and critical corporations.

Researchers Uncover ‘Operation Texonto’ Against Ukrainian Citizens

The researchers said they discovered a cyber-psyops campaign, named Operation Texonto, after analyzing two waves of psyops messages sent in November and December 2023.

The messages examined were based on typical Russian propaganda themes, such as drug and food shortages and interruptions to heating for Ukrainian citizens.

Additionally, the goal was to make Ukrainian citizens believe Russia was winning the war. The operators distributed war-related schemes and disinformation via spam emails.

In October, researchers spotted a spear-phishing campaign targeting Ukrainian organizations, a defense company, and EU agencies in an attempt to steal login credentials for Microsoft Office 365 accounts. Based on the tactics the threat actors used in this campaign and in the ongoing phishing operation, they concluded that the attacks were part of the same operation.

Operation Texonto Attributed To Russia-Aligned Operatives

It is worth noting that the researchers said there was no technical overlap. Additionally, no group has publicly claimed responsibility for the campaign. As a result, they were unable to pin it on a specific group. However, they claimed that, given the operation’s alignment, it was the work of a Russian group. In addition, this group is responsible for the uptick in cyber espionage operations in recent months.

Furthermore, the strange brew of espionage, data operations, and fake pharma messages, the report says, can only remind us of Callisto, a well-known Russia-aligned cyber-espionage group, some members of which were the subject of an indictment by the U.S. Department of Justice in December 2023.

In conclusion, the blurring of the lines between criminal and political activity is far from unusual, especially in countries such as Russia. The fake pharmacy messages were sent from the same email server the attackers used to send the psyops messages, further proving the case.