Russian State Agency Launches Sophisticated Phishing Attacks Against US, European, and Russian Civil Society Members

A new investigation by security researchers has revealed that Russia’s state security agency is launching increasingly sophisticated phishing attacks against US, European, and Russian civil society members. The attackers impersonate individuals who are personally close to their targets, often using social engineering strategies and technical tactics.

The investigation found that the targets of the recent spate of attempted attacks included prominent figures in Russian opposition groups in exile, staff of non-governmental organizations in the US and Europe, funders, and media organizations. In the most common tactic observed, the threat actor, masquerading as someone the target knows, initiates an email exchange and asks the target to review a document.

The attackers then invoke a privacy-focused service like Proton Drive to claim that the document is encrypted, and pre-populate the login page with the target’s email address to make it look legitimate. If the target enters their password and two-factor code, the attacker can gain access to their email account and online storage and pull sensitive information from them.

The investigation also found that the phishing campaign targeting Polina Machold, a Russian publisher in exile, involved an impersonator claiming to be someone she knew, who asked her to review an attached file. However, there was no attachment, and when she responded saying it was missing, the impersonator contacted her again using a handle on Proton Mail, requesting login details.

Researchers attributed the attacks to Russia’s Federal Security Service (FSB) and warned that anyone connected to the Russian opposition could be a target. They also noted that the attackers’ goal is to gain access to sensitive information, which can put lives at risk if it concerns individuals still in Russia.

The investigation highlights the need for increased vigilance and security measures among civil society members, particularly those in exile or with sensitive networks. As Natalia Krapiva of Access Now said, “This investigation shows that Russian independent media and human rights groups in exile face the same type of advanced phishing attacks that target current and former US officials.”
Source: https://www.theguardian.com/world/article/2024/aug/14/russia-phishing-hacking-attacks