UPDATED 19:54 EDT / AUGUST 15 2024

SECURITY

Russian state-sponsored phishing campaign targets Western NGOs and diplomats

A Russian state-sponsored spear phishing campaign has been found targeting members of Western and Russian civil society, including nongovernmental organizations, independent media and at least one former U.S. ambassador.

The campaign, detailed Wednesday by Citizen Lab and dubbed “River of Phish,” engaged targets with personalized and highly plausible social engineering in an attempt to gain access to their online accounts. The campaign is believed to be run by the Coldriver group, which Western governments believe is linked to the Russian Federal Security Service.

The targets have ranged from Russian opposition figures in exile to staff at nongovernmental organizations in the U.S. and Europe, funders and media organizations. Among the targets was Polina Machold, the publisher of a media outlet that conducts high-profile investigative reporting into official corruption and abuses of power in Russia.

Citizen Lab also observed the group targeting former officials and academics in U.S. think tanks and policy organizations. Among them was former U.S. Ambassador to Ukraine Steven Pifer, who was targeted with a highly credible approach impersonating someone known to him — a fellow former U.S. ambassador.

Though certain targeted groups and individuals have been identified, Citizen Lab notes that it suspects the total pool of targets is likely much larger than the civil society groups it has analyzed. Notably, the Russian group was also found to be impersonating U.S. government personnel as part of its campaign, meaning that there could be further compromises within the U.S. government.

“Cybercriminals target anyone with an email address, but targeting high-profile people in government is a win for them,” James McQuiggan, security awareness advocate at KnowBe4 Inc., told SiliconANGLE. “Gaining access to a system that is within the government can be the stepping stone to a much larger payoff” as the attackers “can leverage the victim’s system to access other systems with the government infrastructure to then be able to collect data or maintain persistence for future access, which could lead to an attack or possible ransomware outcome.”

“Email should be treated with skepticism,” McQuiggan added. “If it’s not expected or the sender is unknown, like answering the front door of your home and seeing a package that wasn’t ordered, it should be met with skepticism and verify the sender or the contents of the email.”
