Russian hackers attack Kremlin critics around the world with phishing emails - media
Kyiv • UNN
Hackers linked to Russian intelligence are conducting a large-scale phishing campaign against Kremlin critics around the world. The attacks target opposition figures, analysts, politicians, and media organizations to gain access to their networks of contacts.
Hackers linked to Russian intelligence are targeting Kremlin critics around the world with phishing emails. Reuters writes about this with reference to new research published by digital rights groups Citizen Lab and Access Now, UNN reports.
Researchers say the phishing campaign is part of a large-scale online espionage operation, and comes at a time when U.S. officials are closely monitoring computer networks to prevent any cyberattacks against the 2024 presidential election.
The email hacks began around 2022 and targeted prominent Russian opposition figures in exile, former US think tanks and politicians, academics, employees of US and EU non-profit organizations, and media organizations, the report said.
Some of the victims were still in the country, which "put them at significant risk," the researchers say, adding that the victims may have been selected to try to access their extensive networks of contacts.
Although phishing is a common hacking technique, a characteristic feature of this operation was that the malicious emails often impersonated people known to the victims, making them appear more credible.
Citizen Lab attributed the hack to two groups: the well-known Russian hacking organization Cold River, which Western intelligence and security officials have linked to Russia's Federal Security Service (FSB), and a new group called Coldwastrel, which appears to be backed by Russian intelligence.
The Russian embassy in Washington did not respond to a request for comment. Russia has consistently denied accusations of hacking in past Cold River incidents.
One of the victims of the hacking operation was the former US ambassador to Ukraine, who was targeted in a "plausible attempt" to impersonate a colleague he knew, a former ambassador, according to the report, which did not identify the individual.
Booby-trapped emails typically had a PDF attached that required a click to decrypt. This click took the target to a website similar to the login pages of Gmail or ProtonMail, where, if they entered their credentials, hackers could access their accounts and mailing lists.
Some of those targeted by the campaign fell for it, said Dmitry Zair-Bek, who heads the Russian human rights group First Department, which also participated in the study.
"This attack is not really complicated, but it's no less effective because you don't expect a phishing email from your coworker," Zair-Bek told Reuters.
The total number of people targeted was in the double digits, and most of them were hit this year, he added, without elaborating.
Citizen Lab said the targets had an extensive network of contacts in sensitive communities, including high-risk individuals in Russia.
"For some, a successful compromise can lead to extremely serious consequences, such as imprisonment," the report says.
Cold River has become one of Russia's most prolific hacker groups since it first appeared on the intelligence community's radar in 2016.
It stepped up its hacking campaign against Kyiv's allies after Russia's invasion of Ukraine, and some of its members were sanctioned by U.S. and British officials in December.