Russia’s critics targeted with global hacking campaign, rights group says

By Zeba Siddiqui

(Reuters) – Hackers linked to Russian intelligence are targeting the Kremlin’s critics around the globe with phishing emails, according to new research published on Wednesday by digital rights groups Citizen Lab and Access Now.

The phishing campaign is part of a sweeping internet espionage operation, the researchers say, and comes as U.S. officials are closely monitoring computer networks to thwart any cyberattacks against the 2024 presidential election.

The email hacks began around 2022 and have targeted prominent Russian opposition figures in exile, former U.S. think tank and policy officials and academics, U.S. and EU nonprofit staff, as well as media organizations, the report said.

Some of those targeted were still in Russia, “placing them at considerable risk”, the researchers said, adding that the victims may have been selected to try to gain access to their extensive networks of contacts.

While phishing is a common hacking technique, a hallmark of this operation was that the malicious emails often impersonated people known to the victims, making them seem more authentic.

Citizen Lab attributed the hacking to two groups: the prominent Russian hacking outfit Cold River, which Western intelligence and security officials have linked to Russia’s Federal Security Service (FSB), and a new group dubbed Coldwastrel, which appeared to support Russian intelligence.

The Russian embassy in Washington did not respond to a request for comment. Russia has consistently denied allegations of hacking during past incidents linked to Cold River.

One of the victims of the hacking operation was a former U.S. ambassador to Ukraine, who was targeted with a “credible effort” impersonating a fellow former ambassador known to him, according to the report, which didn’t name the person.

The booby-trap emails usually had an attached PDF that solicited a click to decrypt. That click took the target to a website resembling the Gmail or ProtonMail login pages, where if they entered their credentials, the hackers would be able to access their accounts and mailing lists.
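The lure described above (a PDF whose only purpose is to carry a link to a lookalike Gmail or ProtonMail login page) leaves two signals a mail gateway can check before the attachment ever reaches an inbox: the link targets embedded in the PDF's annotations, and the "decrypt" call-to-action in its text. The following triage script is an added example written for this page, not code from the report or from Citizen Lab; the allowlist of legitimate login hostnames, the brand keywords and the sample PDF it builds are all assumptions of the example, and it only handles uncompressed PDFs.

```python
import re
from urllib.parse import urlparse

# Hostnames where a Gmail or ProtonMail login legitimately happens. This allowlist
# is an assumption of this example; the report names the services, not the hosts.
LEGITIMATE_LOGIN_HOSTS = {
    "accounts.google.com", "mail.google.com",
    "account.proton.me", "mail.proton.me", "proton.me", "protonmail.com",
}
# Brand strings that, when they appear in any other hostname, suggest a lookalike.
BRAND_KEYWORDS = ("google", "gmail", "proton")

# /URI (literal-string) inside a link annotation's action dictionary. Only the
# literal-string form is handled; hex strings and escaped parentheses are not.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def extract_uris(pdf_bytes: bytes) -> list:
    """Return every /URI target found in an uncompressed PDF, in document order."""
    return [m.decode("latin-1") for m in URI_RE.findall(pdf_bytes)]


def is_lookalike_login(url: str) -> bool:
    """True when the host borrows a mail brand name but is not the real login host."""
    host = (urlparse(url).hostname or "").lower()
    if host in LEGITIMATE_LOGIN_HOSTS:
        return False
    return any(k in host for k in BRAND_KEYWORDS)


def triage_pdf(pdf_bytes: bytes) -> dict:
    """Score a PDF attachment for the 'click to decrypt' credential-phishing pattern."""
    uris = extract_uris(pdf_bytes)
    lookalikes = [u for u in uris if is_lookalike_login(u)]
    # The 'decrypt' call-to-action is only visible in an uncompressed content
    # stream; production triage would inflate FlateDecode streams first.
    decrypt_lure = re.search(rb"decrypt", pdf_bytes, re.IGNORECASE) is not None
    suspicious = bool(lookalikes) or (decrypt_lure and bool(uris))
    return {
        "uris": uris,
        "lookalike_uris": lookalikes,
        "decrypt_lure": decrypt_lure,
        "verdict": "suspicious" if suspicious else "clean",
    }


def build_sample_pdf(link_url: str, caption: str) -> bytes:
    """Construct a one-page, uncompressed PDF with a caption and one link annotation.
    Constructed test input for this example, not a file from the campaign."""
    content = b"BT /F1 12 Tf 72 700 Td (" + caption.encode("latin-1") + b") Tj ET"
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710] "
        b"/A << /S /URI /URI (" + link_url.encode("latin-1") + b") >> >>",
    ]
    out = b"%PDF-1.4\n"
    offsets = []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objects) + 1, xref_at)
    return out


if __name__ == "__main__":
    # Constructed lure: brand-bearing hostname that is not the real login host.
    lure = build_sample_pdf("https://accounts-google.example/signin",
                            "Click here to decrypt this document")
    print(triage_pdf(lure))
    report = build_sample_pdf("https://accounts.google.com/", "Quarterly report")
    print(triage_pdf(report))
```

The verdict logic deliberately flags a "decrypt" prompt next to any external link, not just brand lookalikes, because the lookalike hostname is the one piece of the lure an attacker can vary freely; the call-to-action is what the victim has to see. Such a rule belongs at the gateway or in a sandbox detonation step, where a hit can be routed to review rather than silently dropped, since legitimate encrypted-document workflows also use the word.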

Some of those targeted by the campaign fell for it, said Dmitry Zair-Bek, who heads the Russian rights group First Department, which was also involved in the research.

“This attack is not really complicated, but it’s no less effective, because you do not expect a phishing email from your colleague,” Zair-Bek told Reuters.

The total number of people targeted was in the double digits, and most were hit this year, he added, without elaborating.

Citizen Lab said the targets had extensive networks of contacts within sensitive communities, including high-risk individuals within Russia.

“For some, successful compromise could result in extremely serious consequences, such as imprisonment,” it said.

© Reuters. FILE PHOTO: The Russian flag flies on the dome of the Kremlin Senate building behind Spasskaya Tower, in central Moscow, Russia, May 4, 2023. REUTERS/Stringer/File Photo

Cold River has emerged as one of the most prolific Russian hacking groups since it first appeared on the radar of intelligence officials in 2016.

It has escalated its hacking campaign against Kyiv’s allies following Russia’s invasion of Ukraine, and some of its members were sanctioned by U.S. and British officials in December.