Digital rights groups have reported that hackers with alleged ties to Russia’s Federal Security Service (FSB) are conducting sophisticated phishing attacks targeting civil society figures in Russia, Europe, and the United States. The attacks have been ongoing since the beginning of the year, focusing on Russian opposition politicians, human rights activists, NGO workers, media personnel, charities, and their Belarusian and Western counterparts. Two identified groups, Coldriver and Coldwastrel, have connections to the FSB’s Center for Information Security, also known as Center 18. While it is suspected that Coldwastrel may be acting in the interests of the Russian regime, definitive attribution is still uncertain.

Research group Citizen Lab at the University of Toronto has identified some of the phishing targets, including former U.S. Ambassador to Ukraine Steven Pifer and the independent investigative news outlet Proekt. However, the majority of the targets, many of whom are still residing and working in Russia, have chosen to remain anonymous for privacy and safety reasons. The phishing attacks typically involve emails containing encrypted PDF documents sent from fake addresses impersonating a target’s trusted colleague. If the target shares their information, the hackers can access email correspondence and files and send additional phishing emails to more targets, potentially jeopardizing sensitive information of Russian and Belarusian organizations and independent media.

First Department, a Russian rights organization, was the first known target of Coldwastrel, indicating a level of sophistication in the attacks. Access Now has expressed concern about the harmful impact of such attacks on organizations and media outlets that deal with sensitive information. Dmitry Zair-Bek, head of First Department, confirmed that some targets have fallen victim to the phishing attacks. While Russian officials have not responded to the report, they have consistently denied any involvement in previous cyber-espionage campaigns. The hacking activity appears to center around Russia, Ukraine, or Belarus, as noted by Citizen Lab, suggesting a specific geographical focus in the attacks.

The phishing attacks attributed to groups linked to the FSB’s Center for Information Security have targeted a wide range of individuals and organizations associated with civil society and opposition movements across Russia, Europe, and the U.S. Tactics like impersonating trusted colleagues to lure targets into sharing sensitive information highlight the sophistication and potential harm of these attacks. The close monitoring and identification of phishing targets by research groups like Citizen Lab provide valuable insights into the ongoing cyber threats faced by civil society figures and independent media outlets in these regions.

The report underscores the evolving and persistent threat of state-sponsored cyber-espionage targeting civil society and opposition figures. The ongoing phishing attacks reveal a concerted effort to infiltrate email systems to access sensitive information and potentially disrupt the work of targeted organizations and media outlets. Despite the denial of involvement by Russian officials, the evidence linking the hacking groups to the FSB’s Center for Information Security raises concerns about the use of cyber warfare tactics against perceived adversaries both domestically and internationally. The need for enhanced cybersecurity measures and vigilance among civil society figures remains crucial in combating such threats to privacy and freedom of expression.
