Hackers with links to the Kremlin targeted a former American ambassador to Ukraine as part of a spree of attacks on Russian and foreign civil society targets, security researchers say.

Beginning in February, attackers attempted to steal passwords from former officials and academics in the U.S. and prominent exiled Russian opposition figures and media organizations that may have been selected due to their networks among politically sensitive communities, according to reports published Wednesday by civil society groups including Access Now and the University of Toronto’s Citizen Lab.

In one case, the researchers found, the hackers tried to trick Steven Pifer, who served as U.S. ambassador to Ukraine between 1998 and 2000, into handing over his password. The hackers pretended to be another former U.S. ambassador who was known to Pifer in order to win his trust and lure him into entering his credentials on a malicious website. It wasn’t immediately clear whether attackers successfully infiltrated Pifer’s email account.

Pifer, who is currently a senior fellow at the Brookings Institution, could not be reached for comment.

The attackers are part of a group known as Cold River, researchers concluded after analyzing malicious files the hackers had sent victims. Western governments and cybersecurity companies have previously linked Cold River to Russia’s Federal Security Service, or FSB.

The U.S. and U.K. governments in December accused the Cold River group of involvement in a wide range of cyber-espionage campaigns. British officials said the same attackers had hacked lawmakers, stolen and leaked trade documents, and targeted universities, journalists and non-governmental organizations.

Representatives for the FSB and Russia’s Foreign Ministry didn’t respond to requests for comment.

Cold River also tried to compromise the Russian investigative media organization Proekt Media, according to the findings published Wednesday. Proekt Media’s Germany-based publisher, Polina Machold, said in an interview that the hackers tried to dupe her by pretending to be a colleague from another Russian independent media organization.

She became suspicious of their attempts to get her to open a particular file and forwarded the details to Citizen Lab, whose researchers confirmed it was part of a Cold River hacking campaign.

“We have had in the last several years several waves of hacking attempts,” Machold said. “But this one was new in terms of methods. It was a combination of phishing and social engineering.”

The cyber-espionage group has frequently sought out people working on issues related to Russia, Ukraine or Belarus, according to the digital rights organizations. To win trust, they pretended to be real people who were known to their victims, sending emails containing links to malicious websites. The aim was to lure their victims to a fake email login page that would steal their passwords and two-factor authentication codes.

“Russian security services show little concern with getting caught and will continue to target anyone, anywhere, to advance their goals,” said Rebekah Brown, senior researcher at Citizen Lab and one of the report’s lead authors. At the same time, Cold River is improving its ability to evade detection and trick victims, Brown added.

The group’s targets appeared to have been selected because of their “extensive networks among sensitive communities, such as high-risk individuals within Russia,” Citizen Lab concluded in its report. A successful hack could potentially have “extremely serious consequences” for people in Russia, exposing them or their contacts to physical harm or imprisonment, it added.

©2024 Bloomberg L.P.
