Hackers linked to Russian intelligence are targeting the Kremlin’s critics around the globe with phishing emails, finds new research by digital rights groups Citizen Lab and Access Now, according to Reuters.
The email hacks, which began around 2022, have targeted high-profile Russian opposition figures in exile, former US experts, academics, and staff from US and EU nonprofit and media organizations, the report said.
Researchers noted that some of the targets were still in Russia when they were attacked. They suggested that the victims may have been chosen in an attempt to infiltrate their extensive networks of contacts.
Citizen Lab identified two groups behind the hacking: Cold River, a well-known Russian hacking group linked by Western intelligence and security officials to Russia’s Federal Security Service, and a newly emerged group named Coldwastrel, which seems to support Russian intelligence operations.
One of the hacking operation’s victims was a former US ambassador to Ukraine. The report said that the ambassador was targeted by a “credible effort” involving an impersonation of a fellow former ambassador known to him, though the report did not disclose the individual’s personal details.
The booby-trapped emails typically included a PDF attachment that prompted the recipient to click a link to decrypt the document. This link redirected the target to a website designed to mimic the Gmail or ProtonMail login pages. If the target entered their credentials, the hackers could gain access to their accounts and mailing lists.
“This attack isn’t particularly sophisticated, but it’s no less effective because you don’t expect a phishing email from a colleague,” Dmitry Zair-Bek, head of the Russian rights group First Department, which participated in the research, told Reuters.
He added that the total number of people targeted was in the double digits, with most attacks occurring in 2023.