Russia's FSB Behind Massive Phishing Espionage Campaign

Aug. 15, 2024
Two Russian-aligned cyber espionage squads have been conducting a sophisticated spear phishing campaign against Western and Russian civil society entities for two years, according to the Citizen Lab.

In a new report published on August 14, 2024, the University of Toronto's investigative research group shared that Coldriver, a notorious hacking group backed by Russia's Federal Security Service (FSB), was behind the campaign.

The targets include prominent Russian opposition figures in exile, media organization funders and staff at US and European NGOs.

The activity was conducted alongside Coldwastrel, a newly discovered group. While Citizen Lab acknowledges Coldwastrel’s targeting “aligns with the interests of the Russian government,” the research group did not formally attribute the new threat actor to any country.

Decoding the River of Phish Campaign

The spear phishing campaign, dubbed River of Phish, was uncovered after a month-long investigation by Citizen Lab researchers in collaboration with Access Now, a digital rights advocacy non-profit, as well as other civil society organizations.

It started in 2022, coinciding with Russia’s full-scale invasion of Ukraine.

The hackers’ typical approach involves an email exchange with the target, during which the sender impersonates someone known to them and asks them to review a document relevant to their work, such as a grant proposal or an article draft.

The email message usually contains a lure in the form of an attached PDF file purporting to be encrypted or ‘protected’ using a privacy-focused online service such as ProtonDrive.
