Content created by Bailey Satori

Cyber Espionage: Phishing Scams Target Human Rights Activists in Eastern Europe

Published August 15, 2024


In a detailed report released by cybersecurity watchdogs Access Now and Citizen Lab, a sophisticated phishing operation dubbed “COLDRIVER” was uncovered, casting a spotlight on the turmoil faced by Russian, Belarusian, and Ukrainian human rights activists. The report exposes how these individuals, alongside international NGOs and media outlets, became prey to a cyber espionage campaign allegedly orchestrated by the Russian hacker unit Callisto Group, believed to operate under the auspices of the FSB's Information Security Center.


The COLDRIVER campaign, which surfaced following an earlier campaign called COLDWASTREL in 2022-2023, used phishing emails that pushed recipients to enter their credentials on deceptive login pages, a ruse for stealing sensitive information. With such access, the perpetrators could have retrieved confidential data, exposing those targeted to criminal charges or imprisonment, particularly under Russian legislation stigmatizing “foreign agents” or “undesirable organizations.”


The methods deployed in the first wave involved emails from seemingly legitimate but slightly altered addresses, deceiving recipients into providing personal login details. The same technique was used again in a subsequent campaign in 2024, this time with malware downloads via virtual private servers, a new tactic that complicated the identification of victims and the tracking of the attackers' digital footprints.


Despite the advanced techniques used by the hackers, the analysts were able to link the latest phishing attempts to the Callisto Group, with metadata hints suggesting the documents originated from the GMT+3 time zone and were initially set to Russian language parameters, despite later attempts at obfuscating these traces by adopting Western-centric details.


Both the US and the UK have since responded to these invasions of privacy and potential threats to national security and democratic integrity, filing charges against Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets of the FSB, amidst allegations of interference in the 2019 UK elections.


Access Now has put forth recommendations for individuals and organizations to safeguard against such phishing attacks. They advise vigilance when encountering suspicious emails and encourage consulting cybersecurity experts if an attack is suspected.


This incident underscores the precarious conditions faced by human rights defenders in the region and the extent of state-sponsored efforts to undermine their work. It also demonstrates the crucial role of cybersecurity in preserving the integrity and safety of civil society actors against obscure and malignant cyber threats.


