Back

Rivers of Phish: Sophisticated Phishing Targets Russia's Perceived Enemies Around the Globe

Aug. 14, 2024, 3:45 p.m.

Tags

phishing
javascript
pdf
2024-08-14
coldwastrel
captcha

External References

https://citizenlab.ca/

https://otx.alienvault.com/

Description

An extensive investigation uncovered an elaborate phishing campaign conducted by a Russia-based threat actor known as COLDRIVER, attributed to Russia's Federal Security Service. The campaign employed personalized social engineering tactics to target civil society groups, NGOs, journalists, and government entities perceived as adversaries. A separate threat actor called COLDWASTREL, potentially aligned with Russian interests, was also identified employing similar techniques. The report details the intricate methods used, including impersonating known individuals, crafting credible lures, and harvesting credentials for account takeovers, underscoring the persistent threats facing civil society from state-backed cyber operations.

Date

Published Created Modified
Aug. 14, 2024, 3:04 p.m. Aug. 14, 2024, 3:04 p.m. Aug. 14, 2024, 3:45 p.m.

Indicators

protondrive.services

efa2fd8f8808164d6986aedd6c8b45bb83edd70ca4e80d7ff563a3fbc05eab89

c1fa7cd73a14946fc760a54ebd0c853fab24a080cbf6b8460a949f28801e16fc

df9d77f3e608c92ef899e5acd1d65d87ce2fdb9aab63bbf58e63e6fd6c768ac3

b07d54a178726ffb9f2d5a38e64116cbdc361a1a0248fb89300275986dc5b69d

79f93e57ad6be28aae62d14135140289f09f86d3a093551bd234adc0021bb827

603221a64f2843674ad968970365f182c228b7219b32ab3777c265804ef67b0a

4a9a2c2926b7b8e388984d38cb9e259fb4060cccc2d291c7910be030ae5301a3

384d3027d92c13da55ceef9a375e8887d908fd54013f49167946e1791730ba22

0ded441749c5391234a59d712c9d8375955ebd3d4d5848837b8211c6b27a4e88

00664f72386b256d74176aacbe6d1d6f6dd515dd4b2fcb955f5e0f6f92fa078e

Attack Patterns

COLDWASTREL

T1194

T1600

T1589

T1586

T1557

T1497

T1598

T1595

T1499

T1204

T1566

T1078

Additional Informations

Media

Education

NGO

Government