FlagThis

A sophisticated phishing campaign, suspected to be backed by Russian Intelligence Services, has been uncovered targeting individuals sympathetic to Ukraine, including Russian citizens and informants. The operation involves creating fake websites impersonating organizations such as the CIA, the Russian Volunteer Corps (RVC), Legion Liberty, and "Hochuzhit" ("I Want to Live"), an appeals hotline for Russian service members operated by Ukrainian intelligence. These deceptive sites aim to collect personal information from unsuspecting visitors, exploiting anti-war sentiment within Russia, where such activities are illegal and punishable by law.

Researchers at Silent Push discovered four distinct phishing clusters using tactics such as static HTML, JavaScript, and Google Forms to steal data. The threat actors are utilizing a bulletproof hosting provider, Nybula LLC, to host the fake websites, which are designed to mimic legitimate organizations. The goal is to gather intelligence and potentially identify dissidents within Russia. The campaign highlights the ongoing digital dimension of the Russia-Ukraine conflict and underscores the need for increased vigilance and improved digital hygiene among potential targets.

ImgSrc: www.silentpush.

References :

• gbhackers.com: reports on the Russian attempts to steal Ukraine Defense Intelligence data
• hackread.com: Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
• www.silentpush.com: Russian Intelligence Service-backed Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens and Informants

Classification:

• HashTags: #Phishing #Espionage #Ukraine
• Company: Silent Push
• Target: Ukraine sympathizers
• Attacker: Russian Intelligence
• Product: Android
• Feature: Phishing
• Malware: Monokle
• Type: Espionage
• Severity: Medium