Phishing campaign targets Russian govt dissidents with Cobalt Strike
A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine.
The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.
The phishing emails pretend to be from a Russian state entity, a ministry, or a federal service, to entice recipients to open the attachment.
The "Ministry of Information Technologies and Communications of the Russian Federation" and the "Ministry of Digital Development, Communications, and Mass Communications" are the two primary spoofed entities.
The threat actors use three different delivery methods to infect their targets with Cobalt Strike, namely RTF files, archive attachments laced with malicious documents, and download links embedded in the email body.
As is to be expected, all of the phishing emails are written in Russian, and they seem to have been crafted by native speakers of the language rather than machine translated, suggesting that the campaign is an endeavor by a Russian-speaking actor.