Moldovaʼs government hit by flood of phishing attacks
Moldova's government institutions have been hit by a wave of phishing attacks — the latest cyber assault on the country since it pledged support for Ukraine in its defense against Russia.
Hackers have sent more than 1,330 emails to accounts belonging to the country's state services, Moldova’s cybersecurity regulator announced on Thursday. In one campaign, emails contained a message about the alleged expiration of the .md government domain and instructed users to follow a malicious link leading to a fake payment page to renew it.
The phishing emails were sent on behalf of the website hosting company Alexhost, according to email samples published on the Moldovan Information Technology and Cyber Security Service (STISC) website.
The company warned its users about the phishing campaign on Monday. “Someone is using the name of our company without any consent,” the statement said. “Alexhost takes this seriously and will act.”
Following the phishing incidents, the company said it would start asking its customers to check invoices before making any payments.
Moldova’s cybersecurity regulator did not disclose whether the phishing campaigns were successful and how many state institutions were affected. It is also not clear who is behind these attacks and if the perpetrators were nation-state hackers or unaffiliated ransomware gangs. The regulator did not respond to The Record’s request for comment.
Over the past year, Moldova has witnessed a sharp increase in cyberattacks, likely in connection to the country’s support of Ukraine during the war with Russia.
In November, a newly-registered website called Moldova Leaks released private Telegram conversations purportedly involving prominent Moldovan political figures, sparking a political scandal.
The Moldovan president’s office claimed the content of the conversations was fake, but the leak indicates the probable interference of Russian hackers and intelligence services in the country’s internal politics.
In October, hackers targeted 80 Moldovan state computer systems with distributed denial-of-service (DDoS) attacks, though with limited success, according to STISC.
Earlier in August, the pro-Russian hacker group Killnet announced a week-long hacking campaign against Moldova. Before that, Killnet announced cyberattacks on other countries supporting Ukraine in the war with Russia.
From the first days of the war, Moldova condemned Russia’s invasion of Ukraine and has provided shelter for Ukrainian refugees. More than 645,000 Ukrainians have fled to Moldova as of December 12.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.