Phish Fry Special Edition

Putin and the Russian Army have just invaded the Ukraine. This is Round Three, and may be for real this time, real as in Russia takes back the Ukraine and annexes an entire country.

The Russians have used Ukraine Rounds One and Two, and similar incursions against Georgia and other independent republics, as practice. They have specialized in a new type of hybrid warfare that combines cyber-war with traditional military tactics like invasion.

One of the things all of us can expect to see is Russian cyber operations and cybercriminal groups working for Russia beginning cyberattacks against the West. Here is something weird I got in my inbox today. Not sure what it is or what any of this means, but I will share my conversation with a client about this phishing attack. You should be on the lookout for similar exploits, even crude ones like this.


Here is the original email

I replied to all to deliver a warning, and discovered that the address list is very short (only 10 targets) for this sort of exploit. Also, four of these email addresses came back as undeliverable.

I also alerted Ryan Lundervold about this email since it was designed to look like it came from him.

 

His response led me to investigate further.

The email headers showed this email originated in Poland.
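One way to repeat that header check, as an added example that is not part of the original post: it reads the `Received` chain of a constructed message from the newest hop down, returns the first outside IP recorded by a mail host you control, and flags a `From` line that pairs a known contact's name with a different address. The message, host names, addresses and the `TRUSTED_MTAS`, `OUR_NET` and `KNOWN_CONTACTS` values are all assumptions made up for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every name, domain and IP below is invented.
RAW = """\
Received: from mx1.client.example (mx1.client.example [10.0.0.5])
\tby mailstore.client.example with ESMTP id 3; Thu, 24 Feb 2022 09:14:07 -0600
Received: from smtp.relay.example (unknown [203.0.113.77])
\tby mx1.client.example with ESMTP id 2; Thu, 24 Feb 2022 09:14:05 -0600
Received: from [192.168.1.20] (helo=workstation)
\tby smtp.relay.example with ESMTPA id 1; Thu, 24 Feb 2022 16:14:01 +0100
From: "Pat Sample" <pat.sample.office@freemail.example>
To: recipient@client.example
Subject: Invoice

See attached.
"""
TRUSTED_MTAS = {"mailstore.client.example", "mx1.client.example"}  # assumption: your own mail hosts
OUR_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: your internal mail network
KNOWN_CONTACTS = {"pat sample": "pat.sample@client.example"}  # assumption: name -> real address
BY_RE = re.compile(r"\bby\s+([\w.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(msg):
    """First outside peer IP recorded by one of our own mail hosts. Received
    lines below that hop were written on the sender's side and can be forged."""
    for hop in msg.get_all("Received", []):  # newest hop first
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in TRUSTED_MTAS:
            break  # stamped by a host we do not control
        found = IP_RE.search(hop)
        if found and ipaddress.ip_address(found.group(1)) not in OUR_NET:
            return found.group(1)
    return None

def display_name_spoof(msg):
    """True when From shows a known contact's name over a different address."""
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    return expected is not None and addr.lower() != expected

def triage(raw):
    msg = message_from_string(raw)
    return {"handoff_ip": handoff_ip(msg), "display_name_spoof": display_name_spoof(msg)}

if __name__ == "__main__":
    print(triage(RAW))
```

The sketch handles IPv4 only. Mapping the returned IP to a country is a separate WHOIS or GeoIP lookup.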

I came to the conclusion that this email was just a poorly executed cyber attack, a bit of clutter in all the attacks originating from the Russian Federation and the GRU over the last few weeks and the next several weeks as this invasion progresses.

You should be on the lookout for similar exploits, even crude ones like this.

 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
