Russian-Linked Hackers Target Eastern European NGOs and Media
2024-08-15 11:43

Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with those of the Russian government.

While one of the campaigns, dubbed River of Phish, has been attributed to COLDRIVER, an adversarial collective with ties to Russia's Federal Security Service, the second set of attacks has been deemed the work of a previously undocumented threat cluster codenamed COLDWASTREL. Targets of the campaigns also included prominent Russian opposition figures-in-exile, officials and academics in the U.S. think tank and policy space, and a former U.S. ambassador to Ukraine, according to a joint investigation from Access Now and the Citizen Lab.

"Both kinds of attacks were highly tailored to better deceive members of the target organizations," Access Now said.

The email messages are sent from Proton Mail email accounts impersonating organizations or individuals that were familiar or known to the victims.

The links to COLDRIVER are bolstered by the fact that the attacks use PDF documents that appear encrypted and urge the victims to open them in Proton Drive by clicking on a link, a ruse the threat actor has employed in the past.

Some of the social engineering elements also extend to COLDWASTREL, particularly the use of Proton Mail and Proton Drive to trick targets into clicking on a link that takes them to a fake login page for Proton.


News URL

https://thehackernews.com/2024/08/russian-linked-hackers-target-eastern.html