Summarize

Simplifying... Inshort

Russian hackers, linked to the country's Federal Security Service, are launching sophisticated phishing attacks to gather sensitive information.
They impersonate familiar figures to their targets, tricking them into opening encrypted files that appear legitimate, and then capture their login details.
This tactic poses a significant threat to independent media and human rights groups, particularly those in exile.

Was a long read? Making it simpler...

Next Article

Russian hackers escalate efforts to target civil society members

Investigation warns of a new wave of Russian cyberattacks

By Akash Pandey

Aug 16, 2024

01:56 pm

What's the story

Hackers, allegedly backed by Russia's state security agency, have reportedly intensified their cyber activities. They are now launching more advanced phishing attacks against civil society members in the US, Europe, and even within Russia. These details come from an investigation conducted by the Citizen Lab at the University of Toronto and the non-profit Access Now. The new wave of attacks demonstrates an increased level of technical sophistication and strategic cunning.

Advanced tactics

Hackers impersonate close associates to target victims

The hackers have refined their social engineering tactics, now impersonating individuals close to their targets. This strategy was evident in the cases of Steven Pifer, former US ambassador to Ukraine, and Polina Machold, an exiled Russian publisher known for her investigative work on Russian President Vladimir Putin and Chechen leader Ramzan Kadyrov. In both instances, the attackers posed as familiar figures to initiate "highly credible" interactions with their targets.

Deceptive approach

Machold's case: A complex phishing attack

Machold, living in Germany since her expulsion from Russia back in 2021, was targeted through a complex phishing attack. She was initially contacted by a former colleague who asked her to open an attachment that was mysteriously missing. Machold received another email from the same person months later, but through a secure Proton Mail account. Upon opening the attached file, it appeared as a legitimate Proton Mail drive and asked for her login details.

Information collection

Hackers are running phishing campaigns to gathering sensitive information

The investigation revealed that these hackers are primarily interested in gathering sensitive information. The phishing campaigns targeting Pifer and Machold have been attributed to a threat actor named Coldriver, linked to Russia's Federal Security Service (FSB). Another group, Coldwastrel, has exhibited similar targeting patterns. These findings highlight the significant threats faced by Russia's independent media and human rights groups in exile who often lack resources to defend against such advanced attacks.

Modus operandi

A closer look at the phishing tactic

The hackers usually initiate contact by pretending to be someone the target knows. They further ask the target to review a PDF document. The attached file often appears encrypted through a service such as Proton Drive, with a login page that is sometimes pre-filled with the target's email, making it seem legitimate. Once the target enters their details and two-factor authentication code, the attackers gain immediate access to their email and any associated online storage.