A sophisticated Russian spear phishing campaign has been targeting the Kremlin's critics in Russia and the West, according to a report from digital rights groups Citizen Lab and Access Now published Aug. 14.
Phishing is a type of social engineering in which attackers seek access to victims' online accounts by leveraging personalized deceptive tactics.
The hacker group Coldriver, which has ties to Russia's Federal Security Service (FSB), is responsible for the phishing scheme, according to the report. The campaign targeted Russian opposition figures, NGOs, and Western diplomats, including former U.S. Ambassador to Ukraine, Steven Pifer.
Hackers typically initiated email exchanges with targets by impersonating someone they already knew, such as a colleague, funder, or government employee, researchers said. Messages contained work-related requests, such as viewing a proposal or article.
Targets would then click on the attached PDF, which contained a phishing link that would transmit data from the victim's system to the attacker's server when clicked.
Researchers described the email ruse as credible and effective, with many targets believing they were exchanging messages with a real person. In the case of Pifer, the phishing email impersonated another former U.S. ambassador.
The campaign also targeted Polina Machold, publisher of the Russian independent investigative outlet Proekt Media, and multiple officials and academics at U.S. think tanks.
"Importantly, we suspect that the total pool of targets is likely much larger than the civil society groups whose cases we have analyzed," researchers wrote.
"We have observed U.S. government personnel impersonated as part of this campaign, and ... we expect the U.S. government remains a target."
Russian hacker groups have engaged in various forms of cyber warfare throughout the full-scale war, including cyberattacks against Ukraine, hacks of civilian infrastructure in Europe, and interference in foreign elections.