Hackers with suspected connections to Russia’s Federal Security Service (FSB) are using sophisticated phishing attacks to target civil society figures in Russia, Europe and the United States, according to a report published by digital rights groups on Wednesday.
The Russian rights organization First Department said that phishing attacks since the start of this year have targeted Russian opposition politicians, human rights activists, NGO workers, media personnel and charities, along with their Belarusian and Western counterparts.
One of the identified attackers is known as Coldriver, a group that the U.S. and British governments previously linked to the FSB’s Center for Information Security, also known as Center 18. A second group, called Coldwastrel, was identified by the digital rights nonprofit Access Now.
First Department revealed that it was the “first known target” of Coldwastrel. Access Now suggested that the group “may be acting in the interests of the Russian regime,” but said that it was too early to definitively attribute the attack to a specific entity.
Citizen Lab, a research group based at the University of Toronto, identified some of the phishing targets, including former U.S. Ambassador to Ukraine Steven Pifer and the independent investigative news outlet Proekt.
However, Citizen Lab noted that “almost all” other targets, many of whom continue to live and work in Russia, have chosen to remain anonymous due to privacy and safety concerns.
“A focus on Russia, Ukraine or Belarus is a common thread running through all of the cases,” Citizen Lab said.
First Department described the phishing attacks as involving emails containing encrypted PDF documents sent from addresses impersonating a target’s “well-known and reliable colleague.” Once the target shared their information, the hackers could gain access to email correspondences and other files on their accounts, and also send new phishing emails to additional targets.
“These attacks could be incredibly harmful, particularly to Russian and Belarusian organizations and independent media, as their email accounts are likely to contain sensitive information about their staff’s identities, activities, relationships and whereabouts,” Access Now warned.
First Department head Dmitry Zair-Bek told Reuters that “some” of the phishing attack targets had “fallen for it.”
Russian officials have not commented on the report, though Moscow has consistently denied involvement in previous cyber-espionage campaigns.
A Message from The Moscow Times:
Dear readers,
We are facing unprecedented challenges. Russia's Prosecutor General's Office has designated The Moscow Times as an "undesirable" organization, criminalizing our work and putting our staff at risk of prosecution. This follows our earlier unjust labeling as a "foreign agent."
These actions are direct attempts to silence independent journalism in Russia. The authorities claim our work "discredits the decisions of the Russian leadership." We see things differently: we strive to provide accurate, unbiased reporting on Russia.
We, the journalists of The Moscow Times, refuse to be silenced. But to continue our work, we need your help.
Your support, no matter how small, makes a world of difference. If you can, please support us monthly starting from just $2. It's quick to set up, and every contribution makes a significant impact.
By supporting The Moscow Times, you're defending open, independent journalism in the face of repression. Thank you for standing with us.
Remind me later.
