Hackers associated with Russian intelligence have launched a global phishing campaign aimed at critics of the Kremlin, according to a new report from Citizen Lab and Access Now. The campaign, which began in 2022, targets prominent figures such as Russian opposition leaders in exile, former U.S. officials, and personnel from non-profits and media organizations in the U.S. and Europe.
The hackers employ tactics that involve impersonating people known to their targets, making the phishing attempts appear more credible. Victims often receive emails with a seemingly encrypted PDF attachment, which directs them to a fake login page designed to steal their credentials. Once the hackers gain access to these accounts, they can retrieve sensitive information.
Two hacking groups have been identified in the campaign: Cold River, a well-known entity tied to Russia’s Federal Security Service (FSB), and a newer group named Coldwastrel. Both groups are believed to be supporting Russian intelligence operations. The attacks have been increasing in sophistication, posing a significant threat to civil society members, particularly those with extensive networks in sensitive communities.
One notable victim was a former U.S. ambassador to Ukraine, who was targeted through an impersonation of a colleague. Another case involved Polina Machold, a Russian publisher in exile, who was nearly deceived by a phishing email mimicking a trusted contact.
The report highlights the ongoing dangers of state-sponsored cyberattacks and the growing need for robust cybersecurity measures, especially for individuals and organizations involved in high-risk activities. While the total number of targets remains undisclosed, the impact of these attacks could be severe, especially for those still in Russia, where compromised information could lead to imprisonment or worse.