Researchers point out that Russian spy agencies attack targets by impersonating people the targets know well



Citizen Lab, a security research institute at the University of Toronto, and the non-profit organization Access Now have revealed that Russia's intelligence agency, the National Security Agency, is conducting phishing attacks on users living in the United States, Europe, and other countries by impersonating individuals close to their targets.

Rivers of Phish: Sophisticated Phishing Targets Russia's Perceived Enemies Around the Globe - The Citizen Lab
https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/



Russia-linked phishing campaigns ensnare civil society and NGOs

https://www.accessnow.org/russian-phishing-campaigns/

Russia launching more sophisticated phishing attacks, new report finds | Russia | The Guardian
https://www.theguardian.com/world/article/2024/aug/14/russia-phishing-hacking-attacks

Russian hacking has been reported before, with Russian government-backed hackers allegedly attacking Democratic candidate Hillary Clinton during the 2016 US presidential election.

According to researchers from Citizen Lab and Access Now, attacks linked to the Russian government have become more sophisticated in recent years, including attacks targeting former U.S. ambassador to Ukraine Steven Pifer and journalist Polina Machold of the news outlet Proekt Media.

According to the research team, the attackers contacted Pifer posing as another former U.S. ambassador known to Pifer. Similarly, in Machold's case, the attackers contacted her posing as someone she knew well, and had her access a site that imitated Proton Mail, an email service frequently used by journalists, and execute a file to carry out a phishing attack.



In many cases, the attackers would communicate with the target via email, pretending to be someone the target knew well. The attackers would first ask the target to review a PDF file. If the target was using a privacy-focused email service like Proton Drive, the target would be asked to enter their email address and password. If the target entered their password or two-factor authentication code to open the PDF file, the attacker could use this information to access the target's email account.

'The attackers knew I had connections to this person and were using him to let my guard down. I'd never seen this type of attack vector before,' Machold said. 'Anyone with ties to the Russian opposition could be a potential target. The Russian government needs as much information as they can get.'

'This research shows that independent Russian media, exiled Russian human rights organizations, and current and former US government officials are facing sophisticated phishing attacks by the Russian government,' said Natalia Krapiva, tech counsel at Access Now. 'However, targets lack the resources to protect themselves, and the risks of being breached are severe.'



'Once these attackers obtain credentials from their targets, they immediately move on to accessing email accounts and online storage such as Google Drive to extract as much sensitive information as possible,' said Rebecca Brown, a senior researcher at Citizen Lab. 'For Russian exile groups in particular, there is a significant risk to their lives and safety if information about people left in Russia is obtained by the Russian government.'

in Security, Posted by log1r_ut