Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens and Informants

April 2, 2025, 8:58 a.m.

Description

Silent Push Threat Analysts have uncovered a sophisticated phishing campaign targeting individuals sympathetic to Ukraine's defense, Russian citizens, and potential informants. The operation, believed to be orchestrated by Russian Intelligence Services, employs four major phishing clusters impersonating the CIA, Russian Volunteer Corps, Legion Liberty, and Hochuzhit. These campaigns aim to collect personal information from victims through fake websites and forms. The threat actors utilize bulletproof hosting, domain spoofing, and Google Forms to lure targets into providing sensitive data. The campaign's persistence, long-term targeting of specific groups, and impersonation of official organizations without apparent financial motives strongly suggest state-sponsored involvement. Mitigation efforts include identifying and blocking associated domains and IPs.

Date

  • Created: April 1, 2025, 2:48 p.m.
  • Published: April 1, 2025, 2:48 p.m.
  • Modified: April 2, 2025, 8:58 a.m.

Attack Patterns

  • Russian Intelligence Services

Additional Information

  • Defense
  • Government
  • Ukraine
  • Russian Federation