Google reports that a Russian APT group known as Gamaredon, Callisto and COLDRIVER has for the first time been caught phishing NATO and Eastern European military, in addition to campaigns against American NGOs, a Ukrainian defense contractor and a Balkan army.

“These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown. We did not observe any successfully compromised Gmail accounts during these campaigns,” Billy Leonard of Google’s Threat Analytics Group said in a blog post.

Gamaredon, first identified in 2013, is primarily known for its activity in Ukraine. In December, Ukrainian authorities revealed the names of five suspected members of the group, all of whom operated at the Sevastopol branch of the Russian FSB.

Palo Alto networks observed that Gamaredon was targeting a “Western government” in Ukraine in mid-January.

“The team continues to work around the clock, focusing on the safety and security of our users and the platforms that help them access and share important information.”