Rivers of Phish: Sophisticated Phishing Targets Russia's Perceived Enemies Around the Globe

Aug. 14, 2024, 3:45 p.m.

Description

An extensive investigation uncovered an elaborate phishing campaign conducted by a Russia-based threat actor known as COLDRIVER, which has been publicly attributed to Russia's Federal Security Service (FSB). The campaign employed personalized social engineering to target civil society groups, NGOs, journalists, and government entities that Russia perceives as adversaries. A separate threat actor, tracked as COLDWASTREL and potentially aligned with Russian interests, was also identified using similar techniques. The report details the methods used, including impersonating individuals known to the target, crafting credible lures, and harvesting credentials for account takeover, underscoring the persistent threat that state-backed cyber operations pose to civil society.

Date

  • Created: Aug. 14, 2024, 3:04 p.m.
  • Published: Aug. 14, 2024, 3:04 p.m.
  • Modified: Aug. 14, 2024, 3:45 p.m.

Indicators

Domains and hostnames (dj-kqf04.eu1.hubspotlinksfree.com is a single host under a third-party link-tracking domain, so match the full hostname rather than its parent domain):

  • protondrive.services
  • dj-kqf04.eu1.hubspotlinksfree.com
  • vocabpaper.com
  • xsltweemat.org
  • togochecklist.com
  • resident.ngo
  • service-proton.me
  • protondrive.me
  • protondrive.online
  • proton-viewer.com
  • proton-reader.com
  • proton-docs.com
  • ithostprotocol.com
  • matalangit.org
  • ideaspire.net
  • esestacey.net
  • egenre.net
  • eilatocare.com

File hashes (SHA-256):

  • efa2fd8f8808164d6986aedd6c8b45bb83edd70ca4e80d7ff563a3fbc05eab89
  • c1fa7cd73a14946fc760a54ebd0c853fab24a080cbf6b8460a949f28801e16fc
  • df9d77f3e608c92ef899e5acd1d65d87ce2fdb9aab63bbf58e63e6fd6c768ac3
  • b07d54a178726ffb9f2d5a38e64116cbdc361a1a0248fb89300275986dc5b69d
  • 79f93e57ad6be28aae62d14135140289f09f86d3a093551bd234adc0021bb827
  • 603221a64f2843674ad968970365f182c228b7219b32ab3777c265804ef67b0a
  • 4a9a2c2926b7b8e388984d38cb9e259fb4060cccc2d291c7910be030ae5301a3
  • 384d3027d92c13da55ceef9a375e8887d908fd54013f49167946e1791730ba22
  • 0ded441749c5391234a59d712c9d8375955ebd3d4d5848837b8211c6b27a4e88
  • 00664f72386b256d74176aacbe6d1d6f6dd515dd4b2fcb955f5e0f6f92fa078e
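
The indicator list above mixes domains and SHA-256 hashes, and the one full hostname in it (dj-kqf04.eu1.hubspotlinksfree.com) should not be matched by its parent domain. The following is an added example, not code from the report or its authors: it types each indicator, then scans constructed sample log lines (the DNS, mail-gateway and EDR line formats are assumptions, not any vendor's) and reports which indicators each line contains. Subdomains of a listed domain are hits; the listed host's parent domain and the genuine proton.me are not.

```python
import re
from typing import NamedTuple

# Indicators copied verbatim from the list above (domains and SHA-256 hashes, unsorted).
IOCS = [
    "protondrive.services",
    "efa2fd8f8808164d6986aedd6c8b45bb83edd70ca4e80d7ff563a3fbc05eab89",
    "c1fa7cd73a14946fc760a54ebd0c853fab24a080cbf6b8460a949f28801e16fc",
    "df9d77f3e608c92ef899e5acd1d65d87ce2fdb9aab63bbf58e63e6fd6c768ac3",
    "b07d54a178726ffb9f2d5a38e64116cbdc361a1a0248fb89300275986dc5b69d",
    "79f93e57ad6be28aae62d14135140289f09f86d3a093551bd234adc0021bb827",
    "603221a64f2843674ad968970365f182c228b7219b32ab3777c265804ef67b0a",
    "4a9a2c2926b7b8e388984d38cb9e259fb4060cccc2d291c7910be030ae5301a3",
    "384d3027d92c13da55ceef9a375e8887d908fd54013f49167946e1791730ba22",
    "0ded441749c5391234a59d712c9d8375955ebd3d4d5848837b8211c6b27a4e88",
    "00664f72386b256d74176aacbe6d1d6f6dd515dd4b2fcb955f5e0f6f92fa078e",
    "dj-kqf04.eu1.hubspotlinksfree.com",
    "vocabpaper.com",
    "xsltweemat.org",
    "togochecklist.com",
    "resident.ngo",
    "service-proton.me",
    "protondrive.me",
    "protondrive.online",
    "proton-viewer.com",
    "proton-reader.com",
    "proton-docs.com",
    "ithostprotocol.com",
    "matalangit.org",
    "ideaspire.net",
    "esestacey.net",
    "egenre.net",
    "eilatocare.com",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")
# Tokens pulled from a log line: any hostname (bare, in a URL or in an e-mail address) and any 64-hex run.
HOST_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


class Ioc(NamedTuple):
    kind: str   # "domain" or "sha256"
    value: str  # normalised to lowercase


def classify(raw: str) -> Ioc:
    """Type one raw indicator; refuse anything that is neither a domain nor a SHA-256."""
    v = raw.strip().lower().rstrip(".")
    if SHA256_RE.match(v):
        return Ioc("sha256", v)
    if DOMAIN_RE.match(v):
        return Ioc("domain", v)
    raise ValueError(f"unrecognised indicator: {raw!r}")


def domain_matches(observed: str, indicator: str) -> bool:
    """True if the observed host is the indicator itself or a subdomain of it.
    One-directional on purpose: the listed host dj-kqf04.eu1.hubspotlinksfree.com
    must not turn every hubspotlinksfree.com link (a shared tracking service) into a hit."""
    observed = observed.lower().rstrip(".")
    return observed == indicator or observed.endswith("." + indicator)


def scan_line(line: str, iocs: list) -> list:
    """Return the typed IOCs that appear in one log line."""
    hosts = {h.lower() for h in HOST_RE.findall(line)}
    hashes = {h.lower() for h in HASH_RE.findall(line)}
    hits = []
    for ioc in iocs:
        if ioc.kind == "sha256":
            if ioc.value in hashes:
                hits.append(ioc)
        elif any(domain_matches(h, ioc.value) for h in hosts):
            hits.append(ioc)
    return hits


def scan(lines, raw_iocs):
    """Scan log lines against raw indicators; returns [(line_no, [matched values])]."""
    iocs = [classify(r) for r in raw_iocs]
    report = []
    for n, line in enumerate(lines, 1):
        hits = scan_line(line, iocs)
        if hits:
            report.append((n, sorted(h.value for h in hits)))
    return report


# Constructed sample lines (DNS resolver, mail gateway, EDR); the format is an assumption, not a vendor's.
SAMPLE_LOG = [
    "2024-08-14T10:22:01Z dns client=10.0.0.5 qname=login.protondrive.services type=A",
    "2024-08-14T10:23:17Z mail from=<alice@resident.ngo> url=https://proton-viewer.com/view/abc",
    "2024-08-14T10:25:44Z edr path=/home/x/Downloads/draft.pdf sha256=EFA2FD8F8808164D6986AEDD6C8B45BB83EDD70CA4E80D7FF563A3FBC05EAB89",
    "2024-08-14T10:26:02Z dns client=10.0.0.7 qname=mail.proton.me type=A",
    "2024-08-14T10:27:30Z dns client=10.0.0.9 qname=x9.eu1.hubspotlinksfree.com type=A",
]

if __name__ == "__main__":
    for n, values in scan(SAMPLE_LOG, IOCS):
        print(f"line {n}: {', '.join(values)}")
```

Lines 1 to 3 of the sample log are flagged (a subdomain of protondrive.services, a lookalike sender domain plus a proton-viewer.com link, and the first listed hash in uppercase); line 4 is the genuine proton.me and line 5 is a different host under the same tracking service, so neither is reported. Feeding a real export through `scan` only requires that hostnames and hashes appear as plain tokens in each line.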

Attack Patterns

  • COLDWASTREL (a threat actor tracked in the report, not an ATT&CK technique; kept here as listed)
  • T1194 Spearphishing via Service (revoked ID, now covered by T1566.003)
  • T1600 Weaken Encryption
  • T1589 Gather Victim Identity Information
  • T1586 Compromise Accounts
  • T1557 Adversary-in-the-Middle
  • T1497 Virtualization/Sandbox Evasion
  • T1598 Phishing for Information
  • T1595 Active Scanning
  • T1499 Endpoint Denial of Service
  • T1204 User Execution
  • T1566 Phishing
  • T1078 Valid Accounts

Additional Information (targeted sectors)

  • Media
  • Education
  • NGO
  • Government