Russian-linked threat actors have utilized sophisticated techniques such as psychological operations (psyops) and spear-phishing to launch an extensive, multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. ESET researchers discovered the operation, named Operation Texonto, which took place in two separate waves during the final months of 2023. This campaign employed disinformation tactics to mislead and deceive targets, reflecting a hybrid war waged by Russian-aligned threat actors against Ukraine, which coincides with a ground military operation that has persisted for two years. This operation included typical themes of Russian propaganda, such as causing doubt and fear among the Ukrainian population. The operation utilized both disinformation and spear-phishing campaigns, which is atypical of most threat actors, highlighting the planned nature of this psychological operation. The attackers used diverse distribution methods like spam emails and typical Canadian pharmacy spam, while ESET researchers have pinpointed domain names associated with recent events, reflecting possible targeting of Russian dissidents. One of the campaign’s main goals was to steal Microsoft 365 credentials by redirecting users to fake login pages. ESET has provided indicators of compromise to help organizations defend against such attacks and recommends the use of strong two-factor authentication to safeguard against spear-phishing attempts.
