August 15, 2024 at 08:57AM
Russian and Belarusian NGOs, media, and international organizations in Eastern Europe are targeted by spear-phishing campaigns linked to Russian government interests. One campaign, River of Phish, is attributed to a collective with ties to Russia’s Federal Security Service, while the second, COLDWASTREL, uses similar tactics. The attacks employ personalized social engineering tactics to deceive targets.
Key Takeaways:
1. Two spear-phishing campaigns targeted Russian and Belarusian non-profit organizations, Russian independent media, international non-governmental organizations, and prominent figures-in-exile.
2. The campaigns were attributed to threat clusters named COLDRIVER and COLDWASTREL, with ties to the Russian government.
3. The attacks employed highly tailored social engineering tactics, utilizing Proton Mail and Proton Drive to trick victims into clicking on phishing links.
4. The campaigns utilized PDF lure documents and fake login pages to harvest credentials, with efforts to avoid detection and increase credibility.
5. COLDWASTREL differed from COLDRIVER in the use of lookalike domains for credential harvesting and variations in PDF content and metadata.