Rivers of Phish: Sophisticated Phishing Targets Russia’s Perceived Enemies Around the Globe.
A sophisticated spear phishing campaign has been targeting Western and Russian civil society. In collaboration with Access Now, and with the participation of numerous civil society organizations, we uncover this operation and link it to COLDRIVER, a group attributed by multiple governments to the Russian Federal Security Service (FSB).
While this particular campaign did not leverage malware, we encourage human rights defenders, dissidents, journalists, and other members of civil society who may be targeted by Russian authorities to exercise extreme vigilance and to contact experts such as Access Now’s Digital Security Helpline for help.

The social engineering observed in this campaign relied on the following tactics:

- Impersonating a known individual by setting up a Proton Mail account using their name;
- Using information gained through reconnaissance to tailor the initial email so that it looks more authentic;
- Employing language indicating a desire to collaborate on a shared area of interest; and
- Using a fake password-protected/encrypted PDF with the content blurred in the preview.

Table 7: Overview of differences in the PDFs and infrastructure between two campaigns that shared similarities in social engineering and credential harvesting.

Attribute        | First campaign                                                                      | Second campaign
PDF version      | 1.4                                                                                 | 1.5
PDF language     | en-US                                                                               | ru-RU
PDF author       | Plausible-yet-obscure English-language names                                        | “User”
Links in PDF     | Unique to each PDF                                                                  | Consistent across multiple targets
Link destination | Redirected to a fingerprinting page, then to a separate domain/site that gathered credentials | Hosted the phishing kit directly
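The attributes in Table 7 (PDF version, document language, author string, and the link targets embedded in the file) are all things a defender can pull out of a suspicious attachment before anyone opens it. The script below is an added example written for this page, not code from Citizen Lab or Access Now: it extracts those indicators from a PDF with plain regular expressions, applies a few triage rules derived from the table, and counts how many submitted samples reuse the same link (the "unique to each PDF" versus "consistent across multiple targets" distinction). The sample PDF is constructed inline with hypothetical values and an example.invalid URL; it is not a real lure. The parser assumes uncompressed objects, which holds for the skeleton here and for many lure PDFs whose "password protection" is just a blurred image, but a real document can hide metadata and annotations inside compressed object streams, in which case a full PDF library should be used instead.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample (not a real lure): a minimal, uncompressed PDF whose
# metadata mirrors the second column of Table 7 and carries one link annotation.
SAMPLE_PDF = b"""%PDF-1.5
1 0 obj
<< /Type /Catalog /Pages 2 0 R /Lang (ru-RU) >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.invalid/open?id=abc123) >> >>
endobj
5 0 obj
<< /Author (User) /Producer (Example) >>
endobj
trailer
<< /Root 1 0 R /Info 5 0 R >>
%%EOF
"""

# A second constructed sample with a different per-target token in the link.
SAMPLE_PDF_OTHER_TARGET = SAMPLE_PDF.replace(b"abc123", b"def456")

# PDF literal strings are parenthesised; this group tolerates backslash escapes
# such as \) inside the string.
_LITERAL = rb"\(((?:\\.|[^\\)])*)\)"


@dataclass
class PdfIndicators:
    version: Optional[str]
    lang: Optional[str]
    author: Optional[str]
    uris: List[str]


def _first_literal(key: bytes, data: bytes) -> Optional[str]:
    """Return the first literal-string value stored under a /Key, if any."""
    m = re.search(rb"/" + key + rb"\s*" + _LITERAL, data)
    return m.group(1).decode("latin-1") if m else None


def extract_indicators(data: bytes) -> PdfIndicators:
    """Pull the Table 7 attributes out of an uncompressed PDF byte string."""
    header = re.match(rb"%PDF-(\d\.\d)", data)
    version = header.group(1).decode() if header else None
    lang = _first_literal(b"Lang", data)
    author = _first_literal(b"Author", data)
    # Every /URI action in a link annotation, in document order.
    uris = [u.decode("latin-1") for u in re.findall(rb"/URI\s*" + _LITERAL, data)]
    return PdfIndicators(version, lang, author, uris)


def triage(ind: PdfIndicators) -> List[str]:
    """Flag the indicators Table 7 associates with lure PDFs (heuristic, not proof)."""
    flags: List[str] = []
    # A bare "User" author string is the placeholder seen in the second campaign.
    if ind.author is not None and ind.author.strip().lower() == "user":
        flags.append("placeholder-author")
    # Any outbound link in a "password-protected" document is worth a look,
    # since the blurred preview exists to push the reader toward that link.
    if ind.uris:
        flags.append("external-links:%d" % len(ind.uris))
    if ind.lang is not None:
        flags.append("lang:" + ind.lang)
    return flags


def shared_links(samples: List[bytes]) -> Dict[str, int]:
    """Count how many distinct samples carry each URI.

    Links that appear in one sample only suggest per-target URLs (first
    campaign); the same link across many samples suggests a shared kit
    (second campaign).
    """
    counts: Dict[str, int] = {}
    for data in samples:
        for uri in set(extract_indicators(data).uris):
            counts[uri] = counts.get(uri, 0) + 1
    return counts


if __name__ == "__main__":
    ind = extract_indicators(SAMPLE_PDF)
    print(ind)
    print(triage(ind))
    print(shared_links([SAMPLE_PDF, SAMPLE_PDF_OTHER_TARGET]))
```

Run it over a directory of quarantined attachments and the `shared_links` output answers the Table 7 question directly: a URI with a count of one per sample points at per-recipient tracking links, a URI shared across many samples points at a kit hosted at a fixed location. Treat the flags as triage hints rather than verdicts, and never follow the extracted URIs from an analyst workstation, since the first campaign's links fingerprinted the visitor before redirecting.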