Cybercriminals are reportedly impersonating legitimate aid organizations to steal financial donations intended for the people of Ukraine. Expel recently released new research on the campaign, detailing multiple phishing emails that reference the invasion of Ukraine to target cryptocurrency. The malicious emails detected included headlines asking recipients to help save Ukrainian children and seeking donations. One of the individuals whom the threat actors impersonated in the phishing emails was Aronov Maxim, a doctor at Smile Children’s Hospital in Ukraine. This chain of emails told targets that a children’s clinic had been destroyed in the invasion and that donations were needed.
Some of the emails claimed that the usual portals through which donations are received were closed due to damage caused by the invasion, and suggested a cryptocurrency donation to a specific digital wallet instead. Expel condemned the attacks, stating that the threat actors were taking advantage of the crisis in Ukraine and exploiting its vulnerable population for personal gain. Expel advised legitimate donors to check the public wallet address and transaction history before sending money.