There's a connection between the trolls that hacked Ukrainian websites and a spam run

Nov 7, 2013 14:00 GMT

Anonymous Ukraine has disrupted the official website of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). The hackers kept the website offline for close to two hours in response to NATO hacking a number of Ukrainian government websites.

“On Monday NATO Cooperative Cyber Defense Centre of Excellence hacked a number of Ukrainian websites including Medical Department of Security Service of Ukraine and Ukraine's Prosecutor General's Office. It's payback time! We've just tango down NATO Cooperative Cyber Defense Centre of Excellence!” the hackers wrote.

That’s confusing, right? Why would NATO hack Ukrainian government websites? In reality, NATO has nothing to do with the attack on the government websites.

Some hackers breached them and defaced them with an image that read, “Website has been suspended. Security policy of the website does not meet the requirements of NATO Cooperative Cyber Defence Centre of Excellence. Steadfast Jazz 2013.”

The attacks came shortly after Anonymous Ukraine announced OpIndependence, a campaign in support of the country’s independence from NATO and the European Union.

So it would seem that someone hacked the Ukrainian websites on behalf of NATO’s CCDCOE to troll Anonymous Ukraine. However, there’s more to it than that.

Over the past few days, fake CCDCOE emails have been making the rounds. The CCDCOE is aware of the bogus notifications and has even issued a warning. The emails carry the same outdated CCDCOE logo that was used in the defacements.

Conrad Longmore of Dynamoo’s Blog has also analyzed the emails, which don’t contain any malicious links or attachments. He believes they might represent only one part of a campaign.

The most interesting part is that the email sent by hackers to Softpedia regarding the “NATO attacks on Ukraine” and the spam emails currently making the rounds were sent from the same IP address: 213.157.216.139.

This IP belongs to a Georgian subscriber of Caucasus Online LLC ASDL, a service that, according to Longmore, has been seen in conjunction with botnets.

If you have any tips regarding these mysterious campaigns, be sure to let us know.