Russian-aligned cyber espionage squads [5], COLDRIVER and COLDWASTREL [1], have been targeting non-profit organizations, independent media [1] [4], and international NGOs in Eastern Europe [1] [4], Russia [1] [2] [3] [4] [5], Europe [1] [3] [4] [5], and the US through a sophisticated spear-phishing campaign.

Description

These attacks, which have been ongoing for two years, are highly tailored and rely on social engineering [1]. The attackers use PDF lure documents to redirect victims to credential harvesting pages [1]. Emails are sent from Proton Mail accounts impersonating known individuals or organizations [1]. COLDRIVER attacks use encrypted PDFs that urge victims to open them in Proton Drive [1], while COLDWASTREL uses lookalike domains for credential harvesting [1]. The targets include prominent Russian opposition figures in exile [5], media organization funders [2] [5], staff at US and European NGOs [5], former US ambassador Steven Pifer [3], and the Russian rights organization First Department [3]. Access Now and Citizen Lab uncovered these campaigns [2], with COLDRIVER attributed to a known threat group and COLDWASTREL believed to be the work of a different actor. Phishing remains effective because of its low cost of discovery [1], which allows continued global targeting with serious consequences, including criminal charges and imprisonment for individuals [2].
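A mail-triage heuristic for the two delivery traits described above (a Proton Mail sender using a known contact's name, and links to lookalike domains), as an added example that is not from the cited reporting. The contact list, protected domains and sample message are constructed, and the edit-distance threshold of 2 is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All values below are constructed for illustration, not taken from the reporting.
KNOWN_CONTACTS = {"jane doe": "jane.doe@partner-ngo.example"}  # display name -> address on file
PROTON_DOMAINS = {"proton.me", "protonmail.com", "pm.me"}       # Proton Mail sender domains
PROTECTED_DOMAINS = ["partner-ngo.example", "proton.me", "protonmail.com"]

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the protected domain that host imitates, or None if genuine or unrelated."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS):
        return None  # the real domain or one of its subdomains
    for d in PROTECTED_DOMAINS:
        if edit_distance(host, d) <= 2 or d.split(".")[0] in host:
            return d  # near-miss spelling, or brand label embedded in another domain
    return None

def triage(raw_message):
    """Return findings for one RFC 5322 message: sender impersonation and lookalike links."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr, findings = addr.lower(), []
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr != expected:
        proton = addr.rpartition("@")[2] in PROTON_DOMAINS
        findings.append(("proton-impersonation" if proton else "name-mismatch", addr))
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for host in re.findall(r"https?://([^/\s:?#]+)", body):
        imitated = lookalike_of(host)
        if imitated:
            findings.append(("lookalike-link", host.lower(), imitated))
    return findings

# Constructed sample: known contact's name, unfamiliar Proton Mail address, off-domain link.
SAMPLE = """From: Jane Doe <jane.doe.ngo@proton.me>

The PDF is encrypted, please open it here: https://proton-drive.example/view?id=1
"""
```

Calling `triage(SAMPLE)` returns both findings for the constructed message; a message from the address on file that links to a genuine subdomain returns an empty list.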

Conclusion

These cyber attacks have serious implications, including criminal charges and imprisonment for those involved [2]. It is crucial for organizations to implement strong cybersecurity measures to mitigate the risks posed by such sophisticated spear-phishing campaigns. The continued global targeting by these cyber espionage squads highlights the need for increased awareness and vigilance in the face of evolving cyber threats.

References

[1] https://thehackernews.com/2024/08/russian-linked-hackers-target-eastern.html
[2] https://www.forbes.com/sites/emmawoollacott/2024/08/14/russia-linked-phishing-attacks-targeted-ngos-and-ex-us-ambassador/
[3] https://www.themoscowtimes.com/2024/08/14/fsb-linked-phishing-campaign-targets-russian-activists-independent-media-a86020
[4] https://www.accessnow.org/russian-phishing-campaigns/
[5] https://www.infosecurity-magazine.com/news/russia-fsb-spearphishing-espionage/